SMF Support > SMF 2.0.x Support

Image from image hoster website breaks SSL

(1/1)

nesousx:
Hi all,

I recently implemented a self-signed certificate to my SMF forum. It works pretty well, see here and notice "blue bar" : https://www.alogh.com/ [nofollow]

However some users "break" the SSL by having image hosted by dedicated websites (ie: imageshack and the like) linked in their signature, see example here, and notice the SSL "blue bar" is gone : https://www.alogh.com/forum/index.php?action=profile;u=322 [nofollow].
Moreover, those users will "break" SSL in any topic they post: https://www.alogh.com/forum/index.php?topic=2626.0;topicseen [nofollow]

About the signature settings : php and html are not allowed in my settings, and I checked manually the sig from the user I linked you as example, he uses bbcode to embed the image.

I would like my SSL cert to work everywhere (so that I can think of buying a really one, maybe), but I also don't want to remove the ability to have images from hosting website in my user's signature.

So here is my question : would that be possible ?

Thanks a lot in advance.

CoreISP:
It probably works, but because insecure content is being loaded as well; safety is not completely guaranteed in the eyes of the browser because not ALL content is SSL secured; the images are not. So that makes sense and I'm not sure if there is any stopping to that other than refusing to allow offsite images or force those images to use SSL as well (if the image hoster offers it!)

The bar should come back though as soon as they use critical functions such as login, post, modify post, etc.
Hence: it does not truly break SSL, just the browser indicates that not the entire site is SSL secured.

nesousx:

--- Quote from: CoreISP on July 17, 2012, 03:04:34 AM ---It probably works, but because insecure content is being loaded as well; safety is not completely guaranteed in the eyes of the browser because not ALL content is SSL secured; the images are not. So that makes sense and I'm not sure if there is any stopping to that other than refusing to allow offsite images or force those images to use SSL as well (if the image hoster offers it!)

The bar should come back though as soon as they use critical functions such as login, post, modify post, etc.
Hence: it does not truly break SSL, just the browser indicates that not the entire site is SSL secured.

--- End quote ---

Yes, you are completely right. SSL is not totally "broken", just  the link between my website and hosted images. However it looks "ugly", I really wish the SSL couls stick everywhere.

Moreover, when an image is emebbded in a post, it doesn't "beak" SSL. It only does it from signatures which is weird. It looks like signature are seen as part of the website itself whereas post are not. Maybe this is the expected result from dev?

Edit: I did another test and what I said was wrong. SSL is also "broken" by images inside a post.

Arantor:
You need to get your users to use https links for the images... nothing is going to change that magically.

Navigation

[0] Message Index