ssl for images

shawnb61 · December 12, 2019, 03:21:05 PM

Quote from: vbgamer45 on December 05, 2019, 01:33:38 PM
You can do a mysql find and replace on the messages table in the body column to change the link url from http://imagepath to https://imagepath
Always backup your database first

Code Select Expand
update smf_messages set body = REPLACE(body, "http://imagepath", "https://imagepath");

The problem with this approach is that, I find, many sites are still not http. If you do a change like this, the images will disappear. The image proxy is the only way to deal with these http sites at the moment (assuming your goal is the padlock...).

What would be very handy would be a utility to test for a redirect, and only if found, make that edit.

Illori · December 12, 2019, 03:22:54 PM

the OP said that the images are stored on their domain, so it should not be an issue.

shawnb61 · December 12, 2019, 03:24:42 PM

Ah, missed that...

Kindred · December 12, 2019, 08:43:06 PM

Is your avatar url set to https?

Jeff B · December 13, 2019, 02:02:38 AM

Yes. What I can't figure out is why there would be any reason for any avatar to be loading.

Jeff B · December 13, 2019, 08:03:14 AM

Lurkalot is a member of my forum and stopped by for a look and found it for me. It was an http call to a script for the mod autolink words. I disabled the mod and the issue went away.
Now onward to converting my gallery image calls, however I need to wait until after the holidays because we have a contest running and I can't take another chance of disrupting that.
Thank you for the help here and especially to Sir Lurkalot!

Kindred · December 13, 2019, 10:01:08 AM

ah... yeah, that is frequently the case with mods that call external scripts.

I didn't have a chance to go to your actual site to look, but here's a little pointer:

ON a page that triggers the warning, do "view source of page"
search in the source code, do a search for "http:"
that should tell you what the actual call is and allow you to (possibly) figure out, from looking at the call or the display code around it, what area is causing the problem.

Then you get to have the fun of tracking down the section of code that the mod modified... sometimes that is simple, sometimes not.
most mods that add javascript drop it into index.template.php or add it in their own file, via hooks

lurkalot · December 13, 2019, 12:30:39 PM

Quote from: Kindred on December 13, 2019, 10:01:08 AM
ah... yeah, that is frequently the case with mods that call external scripts.

I didn't have a chance to go to your actual site to look, but here's a little pointer:

ON a page that triggers the warning, do "view source of page"
search in the source code, do a search for "http:"
that should tell you what the actual call is and allow you to (possibly) figure out, from looking at the call or the display code around it, what area is causing the problem.

Then you get to have the fun of tracking down the section of code that the mod modified... sometimes that is simple, sometimes not.
most mods that add javascript drop it into index.template.php or add it in their own file, via hooks

Yep, that's how I found it. Plus error console was warning me about the insecure call for that script, and other helpful info which I passed on to Jeff by PM on his site.

News:

ssl for images