Comment 1 for bug 1463629

Some additional steps to consider:

1. An upgrade script to retroactively find HTTP iframes and rewrite them to HTTPS. Full-database text find/replace scripts like that are often quite slow... although I suppose we could limit it by looking only for fields with the word "iframe" in them.

2. Updating the blocktype/externalvideo media sources so that they do this behavior as well. Currently only the Youtube mediasource rewrites the protocol of iframes.