dreamax 7 Report post Posted December 11, 2016 Hi there, actually you are allowing your users to use http:// images in there threads and signatures. This results in "mixed content" insecure browser messages. There is, however, no reason to allow this. Most image hosters already serve there images via http & https. Some users having for example "http://i.imgur.com/XX" (they are available at https ://i.imgur.com/XX too) images in there signature, leading to insecure https message in the whole thread. So you should consider to disallow http:// based images at all or use an plugin like this: https://invisionpower.com/files/file/7510-ssl-image-proxy/ IMHO there should be no negative effects. Thanks dream 0 Share this post Link to post Share on other sites
Shayss 43 Report post Posted December 11, 2016 Hey Dreamax, I am not clued up on forum code or layout so maybe you will know. What you just requested, would this affect only signatures? Would it affect avatars and actual post content aswell? 0 Share this post Link to post Share on other sites
dreamax 7 Report post Posted December 11, 2016 Hey Dreamax, I am not clued up on forum code or layout so maybe you will know. What you just requested, would this affect only signatures? Would it affect avatars and actual post content aswell? Hi there, it will affect any images hosted on external servers. AFAIK this will only affect post content and signatures only. Avatars are hosted on the local server. Most people in here using "http://i.imgur.com/XX.png" Image links. The problem would be solved by changing them to "https://i.imgur.com/XX.png" Example: Secure site: https://forum.elysium-project.org/index.php?showtopic=23775 Mixed-content site: https://forum.elysium-project.org/index.php?showtopic=23775&page=5 (because "TheOfficialLion" sig points to http://i.imgur.com/CfqQDpx.png) 0 Share this post Link to post Share on other sites
Akamaran 0 Report post Posted December 11, 2016 Hi there, it will affect any images hosted on external servers. AFAIK this will only affect post content and signatures only. Avatars are hosted on the local server. Most people in here using "http://i.imgur.com/XX.png" Image links. The problem would be solved by changing them to "https://i.imgur.com/XX.png" Example: Secure site: https://forum.elysium-project.org/index.php?showtopic=23775 Mixed-content site: https://forum.elysium-project.org/index.php?showtopic=23775&page=5 (because "TheOfficialLion" sig points to http://i.imgur.com/CfqQDpx.png) Could they not just add a word filter for http:// to https:// Most major image provider support https:// and if not the redirection will be made. 0 Share this post Link to post Share on other sites
dreamax 7 Report post Posted December 11, 2016 Could they not just add a word filter for http:// to https:// Most major image provider support https:// and if not the redirection will be made. Actually the posted plugin does this in an smarter way: - Checks if the user is posting a http url. If so it checks if there is a https version available (most popular image sharing sites have https support). If a https version is available then the image is simply rewritten to use the https version. This results in no proxy being used at all and many people could run this plugin in that mode completely if they didn't want to use the proxy component. This is the option that the IPS solution really misses. - (Optional) If there is no https version available then the image is rewritten to point at a local script. This script gets the image in the background and serves it via https thus removing any mixed content warnings. 0 Share this post Link to post Share on other sites
