1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Add-on Image Embed Script for Keeping SSL Secure

Discussion in 'Resource and Add-on Requests' started by DRE, Jan 4, 2014.

  1. DRE

    DRE Well-Known Member

    I need an addon or script that will make the address bar show that the SSL on my site is still secure even when embedding an outside image.

  2. thedude

    thedude Well-Known Member

  3. DRE

    DRE Well-Known Member

    I've used that addon before. I like it but I did not like how many attachements I ended up having. I'm not asking for the images to be rehosted.
  4. thedude

    thedude Well-Known Member

    There's no way to ensure your visitor's browsers won't show a broken SSL icon if you're embedding insecure pictures and other content. On our SSL forum we proxy (rehost) the insecure pictures to prevent the broken icon and only allow embedding of video sites that use SSL (YouTube, Vimeo, FB).

    No other way around it other than disabling embeds.
  5. DRE

    DRE Well-Known Member

    That's what I'm asking for in the addon request thread cause I don't know how to do that. Haven't seen a tutorial on that. @digitalpoint says it requires a script and that he might create a new one but I'm not sure if he'd ever release it which is why I'm asking here.
  6. DRE

    DRE Well-Known Member

    I see that this explains how to do it but I don't know how to do all of that.


    Say you have an image URL like http://otherdomain.com/someimage.jpg.

    You rewrite this URL as https://mydomain.com/imageserver?url=http://otherdomain.com/someimage.jpg&hash=abcdeafad.

    This way, the browser always makes request over https, so you get rid of the problems.

    The next part - create a proxy page or servlet that does the following -

    1. Read the url parameter from the query string, and verify the hash
    2. Download the image from the server, and proxy it back to the browser
    3. Optionally, cache the image on disk

    blah blah more in the article.
  7. DRE

    DRE Well-Known Member

  8. RoldanLT

    RoldanLT Well-Known Member

    I'm interested on this.
    I am using https on my forum as requirement of SPDY :)
  9. DRE

    DRE Well-Known Member

    RoldanLT likes this.

Share This Page