Page 1 of 1

Extension using HTTPS Anywhere database

Posted: Thu Mar 21, 2019 8:01 am
by John connor
This is not an extension I need myself, but an idea I have for others that may have trouble with mixed content on their board using HTTPS. I use CloudFlare myself, and in its settings I have an option to fix mixed content. Apparently, CloudFlare achieves this by using the HTTPS Anywhere Firefox add-on database and something else which I don't know. So I thought rather than a user that doesn't use CloudFlare having to roll out some complicated proxy to fix non-HTTPS links, what if an extension can be created that utilizes the HTTPS Anywhere database and rewrites HTTP links that are not secure on the fly if those links have an HTTPS link available? This is in essence how CloudFlare works to fix mixed content.

Sounds like a good idea and I think it might just be achievable. Plus, it will help a lot of people out who suffer with mixed content warnings, and the extension should be relatively simple. If I knew PHP and how to code phpBB extensions I'd do it myself, but alas I don't.

Thanks for reading and your consideration.

Re: Extension using HTTPS Anywhere database

Posted: Thu Mar 21, 2019 8:42 am
by Senky
Funny that you ask just now when I recently created Mixed Content Fixer extension which (apart from the other attempts) implements HTTPS proxy directly - no settings, no additional installations. It is paid, but for as low as a handful of change, though. :)

Re: Extension using HTTPS Anywhere database

Posted: Fri Mar 22, 2019 8:33 am
by John connor
How does it proxy and HTTPS the links, and is it only for images?

Re: Extension using HTTPS Anywhere database

Posted: Fri Mar 22, 2019 8:45 am
by Senky
John connor wrote:
Fri Mar 22, 2019 8:33 am
How does it proxy...
It uses built-in proxy with 1-day cache layer. I plan to add option to disable cache layer as well as use external proxy.

John connor wrote:
Fri Mar 22, 2019 8:33 am
...HTTPS the links...
It doesn't change link since links don't cause mixed content warnings.

John connor wrote:
Fri Mar 22, 2019 8:33 am
...is it only for images?
Yes, for now. But support for other formats can be adde easily (although I can't imagine proxying video, that would break your server fast probably).

Re: Extension using HTTPS Anywhere database

Posted: Tue Mar 26, 2019 11:45 pm
by fagbutlil
I use this https://github.com/phpbb-de/phpbb-ext-e ... -as-linkno more mixed contents for me any more either.

Re: Extension using HTTPS Anywhere database

Posted: Sat Jun 15, 2019 1:09 am
by John connor
I get a 404 with that link.

Re: Extension using HTTPS Anywhere database

Posted: Sat Jun 15, 2019 1:57 am
by Mellx1

Re: Extension using HTTPS Anywhere database

Posted: Sat Jun 15, 2019 7:13 am
by canonknipser

Re: Extension using HTTPS Anywhere database

Posted: Sat Jun 15, 2019 11:29 pm
by dingus33
i personally couldn't care less about mixed content warnings. i think it's good that browsers make you aware of mixed content issues, but imho, it's not the responsibility of our forums to "fix" these warnings just for the sake of having no warnings display. mixed content isn't necessarily a problem.

however, i think proxying all external images (and other embedded resources) is a useful feature for privacy reasons. if it's a forum where privacy is paramount, it's a good idea to shield your users from surveillance by any and all monitoring by external servers via client requests. i think it's a shame that such extensions/efforts are presented primarily as a solution to mixed content warnings -- the real solution to this 'problem' is user education about what these warnings actually mean.

and yes, i do think that having an extension that rewrites links in posts (if possible) like the EFF's HTTPS Everywhere (not 'anywhere') tool is a great idea. if there is a https version of a link/resource available, it's probably in your users' best interests to use it. but it's not a replacement for image proxying. https-everywhere and image proxying are solutions to two related problems and could be used separately or in tandem.

also potentially of interest to some forums: removing referer from request headers so that when users follow links to external sites, the external site isn't aware that the user came from your forum. implementing this correctly however could require a redirector on a separate domain. that way, i think you can take care of Origin too.

Re: Extension using HTTPS Anywhere database

Posted: Sun Jun 16, 2019 6:21 am
by John connor
I have a BBcode for omitting the referrer. If you want it I can post it.

Mixed content is in fact the responsibility of the website owner and should be taken care of. This site has done that and so do I using CloudFlare. But to those that don't use CloudFlare, an extension that can utilize the HTTPS Everywhere database would be nice.

Re: Extension using HTTPS Anywhere database

Posted: Mon Jun 17, 2019 7:35 am
by Holger
dingus33 wrote:
Sat Jun 15, 2019 11:29 pm
i personally couldn't care less about mixed content warnings. i think it's good that browsers make you aware of mixed content issues, but imho, it's not the responsibility of our forums to "fix" these warnings just for the sake of having no warnings display. mixed content isn't necessarily a problem.
It is very annoying for your users and does not add to the good user experience.
So I try to fix such things as much as possible.