Try to force https instead of downloading remote images

#1 should get rewritten to and with that the whole http images on https site problem gets fixed.

This could probably get done by whitelisting common domains or checking if the site gives back 301s or 302s to the https link.

Or even in the Editor itself, if it detects an http image link it could check if an https one exists too and put in an s in the URL.

This would be great for basically everybody – fewer admins would want to use the “download remote images” option and would save traffic that way but also the users get the images faster (Imgur will have a better CDN than your self-hosted Discourse).
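The rewrite proposed in the post above, sketched as an added example that is not part of the original post and is not Discourse or onebox code. The allowlist contents, the function names and the injected `probe` callable (an offline stand-in for the 301/302 check) are assumptions made for illustration.

```ruby
require "uri"

# Constructed allowlist: hosts assumed to serve the same image over HTTPS.
HTTPS_IMAGE_HOSTS = %w[i.imgur.com upload.wikimedia.org].freeze

# Captures the URL inside Markdown image syntax: ![alt](url ...)
MARKDOWN_IMAGE = /(!\[[^\]]*\]\()([^)\s]+)/

# Returns the https form of +url+ when it is plain http on the default port
# and the host is allowlisted, or the probe confirms an HTTPS copy exists.
# Anything else (https, protocol-relative, odd ports, bad URLs) is unchanged.
def upgrade_image_url(url, allowlist: HTTPS_IMAGE_HOSTS, probe: nil)
  uri = URI.parse(url)
  return url unless uri.is_a?(URI::HTTP) && uri.scheme == "http"
  # A non-default port or embedded credentials will not map cleanly to 443.
  return url unless uri.port == 80 && uri.userinfo.nil? && uri.host

  host = uri.host.downcase
  candidate = URI::HTTPS.build(host: host, path: uri.path,
                               query: uri.query, fragment: uri.fragment).to_s
  # Exact host match only: "i.imgur.com.evil.example" must not pass.
  return candidate if allowlist.include?(host)
  # probe is a hypothetical callable: true if the https URL is known to work.
  return candidate if probe && probe.call(candidate)
  url
rescue URI::Error
  url
end

# Rewrites every Markdown image URL in a post body; plain links are untouched.
def force_https_images(markdown, **opts)
  markdown.gsub(MARKDOWN_IMAGE) { "#{$1}#{upgrade_image_url($2, **opts)}" }
end
```

The allowlist is compared against the whole parsed host rather than a substring, so a look-alike domain that merely contains an allowlisted name is left on http.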

(mountain) #2

When you mean ‘your small site’, do you mean every Discourse user who self-hosts? Or just the hosted Discourse instances offered by the devs?

As a different viewpoint: I prefer to have all remote images downloaded to me if the poster of the image wants that. If they don’t want their image on my server, I am okay with that too, and I’ll honor that. If imgur has a hiccup or ever goes down, then my inline images become broken. Pushing a hosting responsibility away from me and onto a third party leaves the chance that I have no control over what happens to the images served from that third party.

But I do agree there should be an option if an admin wishes to serve images from imgur or any other third party. And I also agree if a well-known site serves https, then it should reflect with links in the conversation to make sure the connection is always secure.


Yes, I meant self-hosted Discourse installations with that. Not everybody can pay for CDNs and why not use Imgur when they already host it?

Sure, but does the user know of the consequences? He may not know that he is uploading copyrighted images.

This is another dangerous detail of downloading remote images. Discourse simply downloads every image that gets posted and possibly infringes copyrights etc.

(mountain) #4

Again, see above. If it does happen, then there are plenty of options for a copyright holder to take action. DMCA/C&D. I’ve learned that trying to prevent things like that is only going to cause stress. Unless your forum members are engaging in torrents/warez. If not, then you should be fine.

(Kane York) #5

You may be interested in the disabled image download domains admin setting.

Remote images will never be downloaded from these domains. Pipe-delimited list.

So you can go ahead and put in there.

(mountain) #6

That’s another good way of putting it too. I can control myself but I can’t micromanage a whole forum of members. Best to do damage control when variables such as people in groups are truly out of my hands and no amount of prior prevention can erase it.


That’s not what I’m interested in at all. Not sure why this would help me. I don’t want to download any remote images but at the same time use https for the images wherever possible.

(mountain) #8

It would at least allow you to block sites that you know have content you can’t or won’t post.

(Jeff Atwood) #9

This is not the reason the feature exists at all. Download remote images exists so that images can’t be pulled or remote sites go offline, breaking your post when the image disappears.

You can use protocol agnostic URLs as well, in many cases.

(mountain) #10

Exactly. As I expressed above in another reply to the OP: the integrity of my forum’s archive means everything to me. A few extra milliseconds (or even a full second or two) for someone in Australia to download images from my New Jersey location is, I think, a good trade-off for a very long-term and important commitment.

(Jeff Atwood) #11

Well, setting up a CDN is easy if you want better global load times for static assets. See the howto category under cdn.

(Dev Jyothichand) #15

Is this still a problem though? We live in 2014, it’s commonplace for people to download and reuse images uploaded on the internet, whether it be a photo of natural sights, cities, faces of people, or snapshots from TV shows, games, films, books etc. Besides, most of the time, images from films, TV serials, games, books etc. don’t hurt the owners significantly. I’ve seen it become a problem only when people take images from news articles, or from websites selling them.

As such, trying to stop people from putting good images simply because someone else owns them will just create more annoyances than anything else. You don’t want to be as restrictive of images as Wikipedia, do you? :stuck_out_tongue:

(Kane York) #16

As of Add "always https" declarations by riking · Pull Request #306 · discourse/onebox · GitHub, URLs will always be HTTPS :smiley:


Welp, I was kinda annoyed that it was “ignored” 6 months ago, but also glad that it has been fixed now. Woo!