Option to prohibit avatars from insecure sites

https://www.phpbb.com/ideas/
Post Reply
Author:
Drakath
Posted:
Sat Apr 21, 2018 12:11 pm
Rating:
Status:
New
Ideas Bot
Registered User
Posts: 442
Joined: Sat Oct 13, 2012 10:06 am

Option to prohibit avatars from insecure sites

Post by Ideas Bot » Sat Apr 21, 2018 12:11 pm

There should be an option to only allow HTTPS avatars when using remote links in order to prevent mixed content warnings.

User avatar
vader696
Translator
Posts: 56
Joined: Sat Jan 21, 2017 11:38 am
Location: Krakow, Poland
Contact:

Re: Option to prohibit avatars from insecure sites

Post by vader696 » Fri Apr 27, 2018 11:24 am

In this case you should disallow any content from websites which are use http, eg. enclosed links from other sites, not only avatars.

In my opinion just disallow option to use avatars from other websites or add point to your forum regulations.

User avatar
jackennils
Registered User
Posts: 192
Joined: Mon Jun 01, 2009 7:48 pm

Re: Option to prohibit avatars from insecure sites

Post by jackennils » Sun May 06, 2018 2:29 pm

Exactly. Just let people upload the avatars to your site and you're done.

User avatar
Wes of StarArmy
Registered User
Posts: 288
Joined: Fri Mar 04, 2005 2:59 am
Location: StarArmy.com
Contact:

Re: Option to prohibit avatars from insecure sites

Post by Wes of StarArmy » Thu May 10, 2018 2:41 pm

Wouldn't it make more sense to proxy the images on the forum?

A proxied image would look something like:

Code: Select all

https://example.com/phpbb/proxy.php?url=http://some.insecure.site/avatarimage.jpg
I agree that allowing avatars to be uploaded is the easiest fix.

paul7289
Registered User
Posts: 5
Joined: Fri May 18, 2018 1:03 pm
Contact:

Re: Option to prohibit avatars from insecure sites

Post by paul7289 » Fri May 18, 2018 1:20 pm

Wes of StarArmy wrote:
Thu May 10, 2018 2:41 pm
Wouldn't it make more sense to proxy the images on the forum?

A proxied image would look something like:

Code: Select all

https://example.com/phpbb/proxy.php?url=http://some.insecure.site/avatarimage.jpg
I agree that allowing avatars to be uploaded is the easiest fix.
That's a nice workaround. So you could allow uploading avatars and will not have any problems with the SSL.

Post Reply

Return to “phpBB Ideas”

Who is online

Users browsing this forum: No registered users and 18 guests