Avoiding use of mixed content
I have just found out about nodebb and have been trying to get a bit familiar with it in the last few day. One thing I noticed so far is that this particular installation is served over HTTPS but actually has some non secure content mixed in it. In most browsers this only causes a little notification, but in some versions of Firefox, websites with mixed content are completely blocked. Here are some screenshots:
Some version of Firefox completely block mixedcontent
Chrome seems to show a warning when encountering mixed content
I believe there is an effort to discourage using of mixed content to improve the security of the web. I am not sure if this is a bug with nodebb itself, or just this particular installation, that is why I decided to post here to get some feedback. Are there any plans to address this issue?
on the main page it seems that the content (gets shown within a widget sometimes) gets loaded insecure. The devs may change this because there is a secure image on same path.
So this is a problem of this instance.
On some other pages you'll come around insecure content, that may be an image within posts (which NodeBB shoudn't filter, so it's ok).
Also some profile-images on this instance have an insecure reference (for some users who registered in early ages of NodeBB, it won't happen with newer user-images, so it's an instance problem too).
Besides this problems I haven't encountered any mixed content yet (but I may have overseen them since I use chrome where the symbol is decent), so in your own board-instance you'd probably not encounter any mixed content (besides within user-posts).
NodeBB itself does only request protocol-relative assets, although in the case of some older forums, they may be requesting uploaded image assets (avatars) via HTTP, although that is far and few between, and I believe an update to the latest version of NodeBB should handle that nicely.
@julian Hi we have
mixed contenterror on our forum because of user image uploade
How we can fix this issue?
@julian see this url please:
@sanatisharif You will need to have your users re-upload their images.