Here’s a summary of the situation:
- I have blog posts created on a WordPress blog hosted on wordpress.com. They work fine and all embedded images render when I preview the post in edit mode. When I inspect the post preview, the img src and srcset attributes use https as expected.
- I retrieve the posts via the public REST API to display on my company’s site (for SEO purposes).
- Along the way, the img tags’ srcset attribute links are losing their ’s’ and being rendered as http (as opposed to https).
- The images are failing to load because people access our website via https and many browsers won’t load insecure http content on such a site.
I have seen somewhat similar questions on StackOverflow, but I believe mine is unique for two reasons: first, I’m using the WordPress REST API, and second, the blog is hosted on wordpress.com, therefore I can’t install custom plugins or edit the underlying PHP.
Update: As of October 25th, 2016, our blog is working correctly again. It would appear that WordPress has quietly fixed this issue on their side.