allow only https:// avatars

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.
Get Involved
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
Locked
Sepp71
Registered User
Posts: 84
Joined: Sat Sep 06, 2008 11:32 pm
Location: Germany

allow only https:// avatars

Post by Sepp71 »

Did anyone find a solution for this?
Same problem here: I have set my page to SSL and now the avatars hosted on external servers break my board to "mixed contents" resulting not only in the optical problems mentioned above but are also blocking permanent cookies on some browsers.
As i fear that some users will use pictures without respecting copyrights, hosting avatars on my own server is not an option.

Sepp
Last edited by Mick on Wed Feb 01, 2017 11:21 am, edited 1 time in total.
cyrilca
Registered User
Posts: 12
Joined: Thu Jul 09, 2009 1:41 pm
Contact:

Re: allow only https:// avatars

Post by cyrilca »

To richey and Sepp71,

In order to deal with this issue, I have successfully installed the extension CAMO SSL PROXY on my 3.1.10 forum (still working with 3.2). Please keep in mind that this extension is marked abandoned (ABD) and that it will thus probably not be further developed. Anyway, you can still test it on a local copy of your forum and decide if you would like to use it.

The URL of my live forum is in my profile, if you want to see it live.

My settings (see topic linked above for the explanations) :

Code: Select all

    Enabled : training mode
    Simple Mode : Simple Mode
    Address of the image proxy : images.weserv.nl/?url=
    Camo API key : *leave empty*
Sepp71
Registered User
Posts: 84
Joined: Sat Sep 06, 2008 11:32 pm
Location: Germany

Re: allow only https:// avatars

Post by Sepp71 »

Thanks for showing this! But it seems to be a website that hides the real URL by somehow rewriting the original http-only url to a new one with a new server, now reached via https.
This might be connected with new copyright-problems because it hides the original source of the image an could be seen as URL-cloaking or mistreating the https-services.
That is what I would expect from a name including "Camo" = Camouflage.
From my point of view it would be better simply to block the input forms for URL's in the UCP when someone wants to enter an address starting with http:// and not with https://.

Sepp
User avatar
richey
Registered User
Posts: 636
Joined: Mon Feb 18, 2002 4:26 pm
Location: now@Cyberspace
Contact:

Re: allow only https:// avatars

Post by richey »

... which is why I've been asking about this here ;-) :
viewtopic.php?t=2419081
.
Sepp71
Registered User
Posts: 84
Joined: Sat Sep 06, 2008 11:32 pm
Location: Germany

Re: allow only https:// avatars

Post by Sepp71 »

Thanks! I'll watch that topic, too and hope someone might post a solution - here or there...
Sepp
User avatar
richey
Registered User
Posts: 636
Joined: Mon Feb 18, 2002 4:26 pm
Location: now@Cyberspace
Contact:

Re: allow only https:// avatars

Post by richey »

Did you already find anything out?
What puzzles me is that the 'https'-URL-checking code snippet I posted in the other thread doesn't even seem to be triggered. :-o
.
Locked

Return to “[3.1.x] Support Forum”