ive found this post, but i dont understand how to get a csrf token
community.nodebb.org uses http:// resources on secure page
Currently, community.nodebb.org uses http:// resources on some https:// pages, for instance https://community.nodebb.org/category/2/general-discussion (at the moment). According to Firefox, the resources are
This causes a security warning in Firefox (HTTPS "lock" sign has a yellow exclamation mark). Maybe external user profile/upload URLs which are embedded should be checked for their URI scheme, and if they're only available as http://, they could be either proxied over https:// or not be shown by default (only if you click on them or something like that). Or maybe just an "insecure" icon that links to the http:// resource…
Re: the second link -- we cannot control whether users link images with http or https, as not all sites support transparent http to https routing. I believe the imgur plugin returns https links now.
@julian Imgur can return HTTPS links but doesn't force them by default.
@julian sure blame me the second I log back in after a year.