
Add-on Image Embed Script for Keeping SSL Secure

DRE

Well-known member
#1
I need an addon or script that will make the address bar show that the SSL on my site is still secure even when embedding an outside image.

When I embed an image, it breaks the ssl in the address bar.
Yeah, just means something insecure was transferred by the browser when rendering the page. I was just pointing out that it doesn't actually break the underlying encryption/SSL on the page. If you care about what color the lock is in the address bar (personally, I don't on my site), you would need to proxy the images through something secure. For example, have a script that you call with the URL as the parameter; it downloads it and spits it out. The downside is it will be more bandwidth since all images would be going through your server then, and images would load a little slower since it has to go out and download them underneath it all.
If you're not looking to build your own proxy for this, there are services like embed.ly that do just this, for a cost of course.
 

thedude

Well-known member
#4
I need an addon or script that will make the address bar show that the SSL on my site is still secure even when embedding an outside image.
I've used that addon before. I like it but I did not like how many attachments I ended up having. I'm not asking for the images to be rehosted.
There's no way to ensure your visitor's browsers won't show a broken SSL icon if you're embedding insecure pictures and other content. On our SSL forum we proxy (rehost) the insecure pictures to prevent the broken icon and only allow embedding of video sites that use SSL (YouTube, Vimeo, FB).

No other way around it other than disabling embeds.
 

DRE

Well-known member
#5
On our SSL forum we proxy (rehost) the insecure pictures...
That's what I'm asking for in the addon request thread cause I don't know how to do that. Haven't seen a tutorial on that. @digitalpoint says it requires a script and that he might create a new one but I'm not sure if he'd ever release it which is why I'm asking here.
 

DRE

Well-known member
#6
I see that this explains how to do it but I don't know how to do all of that.

http://stackoverflow.com/questions/3011222/dealing-with-http-content-in-https-pages

Say you have an image URL like http://otherdomain.com/someimage.jpg.

You rewrite this URL as https://mydomain.com/imageserver?url=http://otherdomain.com/someimage.jpg&hash=abcdeafad.

This way, the browser always makes request over https, so you get rid of the problems.

The next part - create a proxy page or servlet that does the following -

  1. Read the url parameter from the query string, and verify the hash
  2. Download the image from the server, and proxy it back to the browser
  3. Optionally, cache the image on disk

blah blah more in the article.
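
The signed-URL proxy steps quoted in the post above, sketched in Python as an added example (not code from this thread or from the linked Stack Overflow answer). The secret, the size limit, the allowed image types and the function names are assumptions, and HMAC-SHA256 is used for the otherwise unspecified "hash".

```python
import hashlib
import hmac
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical values for this sketch; keep the real secret in server-side config.
SECRET = b"constructed-demo-secret"
PROXY = "https://mydomain.com/imageserver"
MAX_BYTES = 5 * 1024 * 1024
ALLOWED_TYPES = {"image/jpeg", "image/png", "image/gif", "image/webp"}

def sign(url):
    """HMAC-SHA256 of the exact upstream URL; only the server can produce it."""
    return hmac.new(SECRET, url.encode("utf-8"), hashlib.sha256).hexdigest()

def rewrite(image_url):
    """Turn an embedded http:// image URL into a signed https:// proxy URL."""
    return PROXY + "?" + urlencode({"url": image_url, "hash": sign(image_url)})

def verify(query_string):
    """Step 1: return the upstream URL if the request is valid, else None."""
    params = parse_qs(query_string)
    urls, hashes = params.get("url", []), params.get("hash", [])
    if len(urls) != 1 or len(hashes) != 1:
        return None  # missing or duplicated parameters
    url, supplied = urls[0], hashes[0]
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(sign(url).encode(), supplied.encode()):
        return None  # without this check the endpoint is an open proxy
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return url

def fetch(url):
    """Step 2: download the image; return (content_type, body) or None."""
    # Not shown: a production proxy should also refuse private/loopback hosts.
    with urllib.request.urlopen(url, timeout=5) as resp:
        ctype = resp.headers.get_content_type()
        body = resp.read(MAX_BYTES + 1)
    if ctype not in ALLOWED_TYPES or len(body) > MAX_BYTES:
        return None  # only relay real images of bounded size
    return ctype, body

if __name__ == "__main__":
    signed = rewrite("http://otherdomain.com/someimage.jpg")
    print(signed)
    print(verify(urlsplit(signed).query))
```

The forum software would call `rewrite()` when rendering a post, and the `imageserver` handler would call `verify()` and then `fetch()`, returning the body with the checked content type.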