1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Redirecting http links to images on server to https failing in Image Proxy

Discussion in 'Troubleshooting and Problems' started by Warchamp7, Sep 1, 2016.

  1. Warchamp7

    Warchamp7 Active Member

    Some but not all of a number of old image embeds are not getting proxied correctly.

    This is the error from the Test Image Proxy tool.

    <Image> could not be fetched or is not a valid image. The specific error message was: Received unexpected response code 301 (Moved Permanently)
    Why are some images getting proxied fine via this 301 response, and others are failing?
  2. Mike

    Mike XenForo Developer Staff Member

    This is a change from the security fix and, unfortunately, it's a very important component of it. When URLs are loaded in an "untrusted" context, we will no longer follow redirects.
  3. Warchamp7

    Warchamp7 Active Member

    What qualifies as "untrusted" because right now I'm simply allowing those images to still be accessed over http and letting the image proxy do it's usual thing as a workaround
  4. Mike

    Mike XenForo Developer Staff Member

    The image proxy is untrusted as it's taking URLs from unknown sources. Not following redirects is an important part of the fix. The only way to allow this right now would be to back out the security fix and I would certainly not recommend that (though the severity has a lot of variables).

    It's possible we could identify an alternative approach where we can maintain redirects in a future release, but currently, this is a necessary change. If these are images on your server, you may be able to change the URLs in the posts to directly load the https version.
    StarArmy likes this.
  5. Warchamp7

    Warchamp7 Active Member

    Can the proxy not be made to obey a redirect from the same host ex. http://site.com/image.png to https://site.com/image.png?
  6. Mike

    Mike XenForo Developer Staff Member

    At this point in time, no.
    Warchamp7 likes this.
  7. Kintaro

    Kintaro Well-Known Member

    maybe he can partially solve with a post content replace changing, at least, the images urls already posted from http to https?

Share This Page