SSL and mixed content

Richard G

I've installed a Let's Encrypt certificate for my private hobby forum, since Chrome will be complaining soon if no SSL is used to log in.

However, on several pages I get the yellow triangle sign with a ! character in it.
It says (translated from Dutch):
Parts of this page are not secured (like images)

So I looked and on those pages there are links to external images like http://nl.tinypic.com/somepicture.jpg in one or more posts.

If I click the info field, I get information about pages having mixed content.

Is there a way to fix this or to prevent having this "mixed content", because you can't expect every site you link to, to have https enabled.
 
Thank you Alex.
But we almost don't use any images on the forum, except for smilies and avatars and they are already very small.

When visiting the pages with the issue, it seems the issue occurs when in postings, people are linking to images on external sites like tinypic.com.
I can't find any other images in the posts, except for the smilies and avatars. But SSL doesn't have issues with those as can be seen from many other posts.
 
Is it possible to have / change a script which is putting the s at the end of http. ;)
So is a htaccess if...rewrite doing for a lot of... non https there

Sometimes old links are without https in CMS systems and not rewriting as the link to user profile, signed user with website links and so on
 
Thank you I know but that only works for image hosts. Normal http links do not need to be translated unless it points to the own domain.
So it's only for external JavaScripts, images etc.

And nl.tinypic.com does not use https, then http://nl.tinypic.com/pic1.jpg will be translated into https://nl.tinypic.com/pic1.jpg in the img code and the picture won't be shown anymore.

I found a solution though. I told my users to use another image host that does use https like https://imgsafe.org/ and all links to there will be https so the images will also be https and problem is solved. ;)
Thank you for answering though!
 
Had the same thing on my own site.
Made everything on my site "https", even though I don't have any login pages. But my browser (Firefox) would still show the orange triangle, and only because I had a small avatar linked to Photobucket showing on my site.
Saving a local copy of the image on my server solved the issue.

It's kinda annoying that large (imagehosting) companies don't keep up with the times.
 
Well.... Luckily there are several image hosting companies which do keep up with the times. Like Postimage, Imgsafe, and Imageshack for example. I choose Postimage due to the fact that they have some forum plugins which come in handy.
 
I solved it by modding the [ img ] bbcode file by adding an image proxy. All external images are now https.
Solution is not yet perfect, it also uses the image proxy for already-https images.

Anyone know of a simple PHP image proxy script for self-hosting an image proxy? I don't want to depend on a third party.
 
Linking to http links is not a problem, but if you render them in the browser (showing the image) it suddenly becomes mixed content. So using a local proxy mechanism is a good fix and safe, as you can verify the image yourself (check if it's really an image) and cache it if you want. This also prevents image-not-found errors if the remote host decides to move or delete the image.
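
As an added example (not part of the original post, and not the code of any project named in this thread), these are the checks a self-hosted PHP proxy can apply before it serves a remote image: only forum-signed URLs, only public targets, and a type decided from the bytes. `PROXY_KEY`, `MAX_BYTES`, the function names and the `/imgproxy.php` path are assumptions.

```php
<?php
// Added example, not code from the thread. PROXY_KEY and MAX_BYTES are assumed values.
const PROXY_KEY = 'replace-with-a-long-random-secret';
const MAX_BYTES = 2097152; // 2 MiB cap per image

// Fetch only URLs the forum signed itself, so the script is not an open proxy.
function signature_ok(string $url, string $sig): bool {
    return hash_equals(hash_hmac('sha256', $url, PROXY_KEY), $sig);
}
// http(s) to a public IPv4 address only: no loopback, private or reserved targets.
function target_allowed(string $url): bool {
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) return false;
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) return false;
    return filter_var(gethostbyname($p['host']), FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}
// Trust the bytes, not the remote Content-Type header.
function sniff_image(string $bytes): ?string {
    $info = @getimagesizefromstring($bytes);
    $mime = is_array($info) ? $info['mime'] : '';
    return in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true) ? $mime : null;
}
function fetch_image(string $url): ?array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // a redirect could lead to an internal host
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_MAXFILESIZE    => MAX_BYTES,
    ]);
    $body = curl_exec($ch);
    if (!is_string($body) || strlen($body) > MAX_BYTES) return null;
    $mime = sniff_image($body);
    return $mime === null ? null : [$mime, $body];
}

if (PHP_SAPI !== 'cli') { // request handling, e.g. /imgproxy.php?url=...&sig=...
    $url = $_GET['url'] ?? '';
    $sig = $_GET['sig'] ?? '';
    $img = is_string($url) && is_string($sig) && signature_ok($url, $sig)
        && target_allowed($url) ? fetch_image($url) : null;
    if ($img === null) { http_response_code(404); exit; }
    header('Content-Type: ' . $img[0]);
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: public, max-age=31536000'); // long browser cache
    echo $img[1];
}
```

`target_allowed()` resolves the host separately from cURL's own lookup; pinning the checked address with `CURLOPT_RESOLVE` closes that gap.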
 
That's correct, but then you are keeping all images local on your hosting account and that costs a lot of space after some time, especially if more pictures are being posted. Or am I mistaken?

@Wanabo: Maybe this thing on Github is what you are looking for?
https://github.com/willnorris/imageproxy
 
Correct! You copy it if you cache it, but it performs better if the remote host is down or slow or decides to change the image to a trojan :)
If you don't care about that and want to keep the image remote, just proxy the http:// images ( http://stackoverflow.com/questions/3011222/dealing-with-http-content-in-https-pages ).

But if you have a lot of pages/visitors, you'll really want to cache them and set the browser cache to a looong time.
 
Well (un)luckily our forum does not have a lot of visitors anymore and pictures are not that important to us.
But if it's easy to do I would like to convert the already existing non https images to https.
Is there an easy way to get for example a http://nl.tinypic.com/foto.jpg img tag to a https img tag link via a proxy, without the need to re-upload the images?
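
An added example, not part of the thread: rewriting `[img]` BBCode when a post is rendered sends only `http://` images through a signed proxy URL, so existing posts are covered without re-uploading and images that are already HTTPS are left untouched. `PROXY_KEY`, `PROXY_PATH` and both function names are hypothetical; the key has to match the one the proxy script verifies.

```php
<?php
// Added example, not code from the thread. PROXY_KEY and PROXY_PATH are assumptions.
const PROXY_KEY  = 'replace-with-a-long-random-secret';
const PROXY_PATH = '/imgproxy.php';

// Return the URL to put in the src attribute for an image a user posted.
function proxied_src(string $url): string {
    // Already-HTTPS images cause no mixed content, so they bypass the proxy.
    if (stripos($url, 'https://') === 0) {
        return $url;
    }
    // The HMAC lets the proxy refuse any URL the forum did not emit itself.
    $sig = hash_hmac('sha256', $url, PROXY_KEY);
    return PROXY_PATH . '?url=' . rawurlencode($url) . '&sig=' . $sig;
}

// Rewrite [img]...[/img] at render time; stored posts are never modified.
function render_img_bbcode(string $post): string {
    return preg_replace_callback(
        '~\[img\](https?://[^\s\[\]"<>]+)\[/img\]~i',
        function (array $m): string {
            $src = htmlspecialchars(proxied_src($m[1]), ENT_QUOTES, 'UTF-8');
            return '<img src="' . $src . '" alt="">';
        },
        $post
    ) ?? $post;
}

// Constructed sample post: one plain-http image, one that is already https.
$post = '[img]http://nl.tinypic.com/pic1.jpg[/img] and [img]https://imgsafe.org/a.png[/img]';
echo render_img_bbcode($post), "\n";
```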
 