Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. NodeBB Development
  3. community.nodebb.org uses http:// resources on secure page

community.nodebb.org uses http:// resources on secure page

Scheduled Pinned Locked Moved NodeBB Development
5 Posts 4 Posters 2.1k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R Offline
    R Offline
    rfc2822
    wrote on last edited by
    #1

    Hello,

    Currently, community.nodebb.org uses http:// resources on some https:// pages, for instance https://community.nodebb.org/category/2/general-discussion (at the moment). According to Firefox, the resources are

    • http://community.nodebb.org/uploads/512-profileimg.png and
    • http://i.imgur.com/VreaosQ.png

    This causes a security warning in Firefox (HTTPS "lock" sign has a yellow exclamation mark). Maybe external user profile/upload URLs which are embedded should be checked for their URI scheme, and if they're only available as http://, they could be either proxied over https:// or not be shown by default (only if you click on them or something like that). Or maybe just an "insecure" icon that links to the http:// resource…

    1 Reply Last reply
    0
    • julianJ Offline
      julianJ Offline
      julian NodeBB GNU/Linux
      wrote on last edited by
      #2

      Thanks @rfc2822 -- the first asset was resolved long ago, when we added an SSL certificate to the site. The old link just set in @Chris' profile before we had SSL, so it still says http.

      Re: the second link -- we cannot control whether users link images with http or https, as not all sites support transparent http to https routing. I believe the imgur plugin returns https links now.

      KowlinK C 2 Replies Last reply
      0
      • KowlinK Offline
        KowlinK Offline
        Robert Translator
        replied to julian on last edited by
        #3

        @julian Imgur can return HTTPS links but doesn't force them by default.

        1 Reply Last reply
        0
        • C Offline
          C Offline
          Chris
          replied to julian on last edited by
          #4

          @julian sure blame me the second I log back in after a year.

          1 Reply Last reply
          2
          • julianJ Offline
            julianJ Offline
            julian NodeBB GNU/Linux
            wrote on last edited by
            #5

            @Chris that's for the downvote 😉

            @Kowlin Yeah, I believe @baris updated the imgur plugin so any uploaded images will save the https url in the post.

            1 Reply Last reply
            0

            Copyright © 2024 NodeBB | Contributors
            • Login
            • Don't have an account? Register
            • Login or register to search.
            Powered by NodeBB Contributors
            • First post
              Last post
            0
            • Home
            • Categories
            • Recent
            • Popular
            • World
            • Top
            • Tags
            • Users
            • Groups
            • Documentation
              • Home
              • Read API
              • Write API
              • Plugin Development