XF 1.4 Redirecting http links to images on server to https failing in Image Proxy

Warchamp7

Active member
#1
Some but not all of a number of old image embeds are not getting proxied correctly.

This is the error from the Test Image Proxy tool.

Code:
<Image> could not be fetched or is not a valid image. The specific error message was: Received unexpected response code 301 (Moved Permanently)
Why are some images getting proxied fine via this 301 response, and others are failing?
 

Mike

XenForo developer
Staff member
#2
This is a change from the security fix and, unfortunately, it's a very important component of it. When URLs are loaded in an "untrusted" context, we will no longer follow redirects.
 

Warchamp7

Active member
#3
What qualifies as "untrusted", because right now I'm simply allowing those images to still be accessed over http and letting the image proxy do its usual thing as a workaround?
 

Mike

XenForo developer
Staff member
#4
The image proxy is untrusted as it's taking URLs from unknown sources. Not following redirects is an important part of the fix. The only way to allow this right now would be to back out the security fix and I would certainly not recommend that (though the severity has a lot of variables).

It's possible we could identify an alternative approach where we can maintain redirects in a future release, but currently, this is a necessary change. If these are images on your server, you may be able to change the URLs in the posts to directly load the https version.
 

Warchamp7

Active member
#5
Can the proxy not be made to obey a redirect from the same host, e.g. http://site.com/image.png to https://site.com/image.png?
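
The same-host check asked about in post #5, written out as an added sketch; it is not XenForo code and not an approach the developers have confirmed. The function name, the strict port rule and the sample URLs are assumptions made for illustration: given the URL the proxy requested and the Location header of a 301, it accepts only a move from http on port 80 to https on port 443 on the identical host.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin_parts(url):
    """Return (scheme, host, port), or None if the URL is unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # refuse userinfo, e.g. https://site.com@other.example/
    host = parts.hostname.lower().rstrip(".")
    return scheme, host, port or DEFAULT_PORTS[scheme]


def is_same_host_https_upgrade(requested_url, location_header):
    """True only when the redirect keeps the host and moves http:80 -> https:443."""
    src = _origin_parts(requested_url)
    if src is None or not location_header:
        return False
    # Location may be relative or scheme-relative; resolve it first.
    dst = _origin_parts(urljoin(requested_url, location_header.strip()))
    if dst is None:
        return False
    return (
        src[0] == "http" and src[2] == 80
        and dst[0] == "https" and dst[2] == 443
        and src[1] == dst[1]
    )


if __name__ == "__main__":
    # Constructed sample redirects, not taken from the thread.
    requested = "http://site.com/image.png"
    for location in (
        "https://site.com/image.png",
        "https://other.example/image.png",
        "//other.example/image.png",
        "/moved.png",
    ):
        print(location, is_same_host_https_upgrade(requested, location))
```

A caller using this check would still fetch the https URL with redirects disabled, so only this one hop is ever honoured.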