SSL

When you post a link or embed an image, it makes the SSL icon in the address bar show as the page showing an unsecure element.

That doesn't happen on sites like Facebook for instance.
Because Facebook doesn't allow you to embed images from third party sites.

And a link to a non-secure page is not an insecure element on the page, it's just stuff that's actually downloaded by the browser without SSL.

Either way, an insecure element on the page only applies to that one element and doesn't break the SSL of your site.
 
Because Facebook doesn't allow you to embed images from third party sites.

Either way, an insecure element on the page only applies to that one element and doesn't break the SSL of your site.
When I embed an image, it breaks the ssl in the address bar.
 
When I embed an image, it breaks the ssl in the address bar.
Yeah, just means something insecure was transferred by the browser when rendering the page. I was just pointing out that it doesn't actually break the underlying encryption/SSL on the page. If you care about what color the lock is in the address bar (personally, I don't on my site), you would need to proxy the images through something secure. For example have a script that you call the URL as the parameter, it downloads it and spits it out. The downside is it will be more bandwidth since all images would be going through your server then, and images would load a little slower since it has to go out and download them underneath it all.
 
Yeah, just means something insecure was transferred by the browser when rendering the page. I was just pointing out that it doesn't actually break the underlying encryption/SSL on the page. If you care about what color the lock is in the address bar (personally, I don't on my site), you would need to proxy the images through something secure. For example have a script that you call the URL as the parameter, it downloads it and spits it out. The downside is it will be more bandwidth since all images would be going through your server then, and images would load a little slower since it has to go out and download them underneath it all.
can you create an addon like that I'd pay for it?
 
That's only true for passive content, such as images. If you're mixing active content (e.g., pulling in scripts (over HTTP) that can affect the DOM), then you've negated the benefits of SSL and leave yourself open to MITM attacks.
 
can you create an addon like that I'd pay for it?
Well... I made the proxy script I use for my main home page here for images: https://www.digitalpoint.com/

There are a few things I don't like about it and one of these days I do need to just rewrite it from scratch, and I was planning on using it for images within posts for reasons that have nothing to do with the cosmetic lock in the URL bar, I just haven't had time to do all that yet... one of these days. :)
 
I use SSL all oover my site, wildcard certificate.

I feel that if you're transferring data, it should be encrypted.

Liam
 
I use SSL all oover my site, wildcard certificate.

I feel that if you're transferring data, it should be encrypted.

Liam
encrypt-all-the-things.png
 
Well... I made the proxy script I use for my main home page here for images: https://www.digitalpoint.com/

There are a few things I don't like about it and one of these days I do need to just rewrite it from scratch, and I was planning on using it for images within posts for reasons that have nothing to do with the cosmetic lock in the URL bar, I just haven't had time to do all that yet... one of these days. :)
Started rewriting my system to work better and extend it to handle images within posts...
 
The true image URL is encrypted so people can't simply utilize the proxy mechanism for their own stuff and leech your resources/bandwidth or use your servers for a DDoS attack proxy.
 
Top Bottom