Going through some posts on Stonehearth, I discovered a page with a mixed content warning. I went ahead and changed the link from http to https, but it seems that the onebox is including an insecure image. I saw a topic from 2 years ago that’s seemed similar (old topic). I’m hoping that if this is the same issue there might now be a solution.
Here’s the link causing the issue: https://www.mediafire.com/file/1ntykblml3x818v/magical_jobs.smod
How is this a bug? That’s gonna happen any time someone hotlinks an image from a http source. There’s no real solution, other than disallowing all http content.
But, is it possible to disable https linking without nginx magic?
It would be a nice feature for security reasons. E.g. The user could get a warning when he try to onebox http content: “This is not allowed here for security reasons”.