MediaFire onebox uses insecure image


(Joshua Rosenfeld) #1

Going through some posts on Stonehearth, I discovered a page with a mixed content warning. I went ahead and changed the link from http to https, but it seems that the onebox is including an insecure image. I saw a topic from 2 years ago that’s seemed similar (old topic). I’m hoping that if this is the same issue there might now be a solution.

Here’s the link causing the issue:

(Jeff Atwood) #2

How is this a bug? That’s gonna happen any time someone hotlinks an image from a http source. There’s no real solution, other than disallowing all http content.

(Lutz Biermann) #3

Not even I see this as a bug :wink:

But, is it possible to disable https linking without nginx magic?

It would be a nice feature for security reasons. E.g. The user could get a warning when he try to onebox http content: “This is not allowed here for security reasons”.

(Jeff Atwood) #4

I think this is resolved now because the oneboxes will download the remote image, thus converting them to https if the discourse site itself is https.

(Joshua Rosenfeld) #5