Suddenly this morning I noticed the “Your Connection is Insecure” warning icon for our forum in my brower’s address bar. I fairly quickly traced it to the offending images through using “Latest” and then simply checking images people had uploaded. I found 2 images (Oneboxed) that had http links inst…

Unless the images are very large, Discourse would download those remote images and make them local in the name of preventing image rot, if your site has default settings. That’s a normal thing in Discourse. This has the additional benefit of also making the images https as well.

We have a paid Discourse and are using the default settings - I’ve changed nothing. The image itself is but 18.5k. The only thing that caused the insecure connection warning was the Onebox with the http link. Once I deleted that, within <2 seconds the lock icon turned back green. The user did upload…

You could try pasting the same image link here, and we could have a look. The only thing I can think of that would prevent local download is if the image is very large.

I just pasted the link and it’s not Oneboxing. I also paste a 2nd link the user used which also did not Onebox - but then I deleted that link as it has her user account number for downloading photos from that website. Strange that it will not Onebox here. I just created a new reply on our forum, pa…

[image] JimPas: Edit: I just received a badge for my first Onebox… that doesn’t show anything but the link here on Meta. :laughing: That’s weird :thinking:. @nbianca can you have a look at that once you get back?

[image] zogstrip: That’s weird The first onebox badge has been granted for links that were not oneboxed for so long I thought that was the desired behavior. :roll_eyes:

This only happened on my site once I deleted a link that was Oneboxed, but was causing a “insecure” icon in the address bar for our forum. After I posted the link here on Meta, it did not Onebox, but did give me the badge. Another odd thing is that I re-posted the link on my site and now it won’t On…

My Mod uploaded and Oneboxed her links again to our Meta category and the "Secure Connection " icon went from green to black with the orange warning icon. I posted (for her) a link from Mozilla (Firefox) regarding the difference between http, https and mixed content because she had said she sees no …

If it doesn’t onebox here, then there’s nothing to do. Is your instance up to date with latest code?

I last checked yesterday and the Dashboard was updated a couple of hours before that. Discourse was updated July 26… to 2.4.0.beta2? That one link seems to be the only one that causes this. Not sure if it’s tied to my mod’s account on that website, a tracking cookie maybe that gets “lost” when the …

Mixed content due to hotlinked images

Support

nbianca (Bianca) August 6, 2019, 8:49am 13

The problem was fixed in:

https://github.com/discourse/discourse/pull/7974

Discourse with Traefik 2.0

Topic		Replies	Views
Images posted via HTTP URL are not being displayed until downloaded to local Bug	16	2337	January 24, 2019
Missing images at Meta.discourse.org Site feedback	54	2421	March 18, 2025
Whitelist to allow onebox only with https domains? Support	6	1077	October 29, 2018
Link-image not shown Self-hosting unsupported-install	16	532	June 16, 2024
Fix broken images for posts created by the WP Discourse and RSS plugins Administrators wordpress , rss-polling , how-to	33	4453	August 20, 2021

Mixed content due to hotlinked images

Related topics