Third party Unfurl function not reading image secure_url from source site

dknife

dknife

Well-known member
Affected version
2.1
I assume it's taking the og:image metadata for the image. Example:

artelw.com

Artel

Artel
artelw.com artelw.com

Source shows an og:image and an og:image:secure_url however only the og_image is used therefore it's causing browser warnings for unsecure images.

This has nothing to do with using a proxy or not either.
 
dknife said:
This has nothing to do with using a proxy or not either.
Click to expand...
That's not strictly true.

The proxy is significant as having image proxy enabled entirely mitigates the issue, as it does here.

While the secure version of the URL is part of the open graph spec, we don’t necessarily aim to support it and it isn’t required. Over time I suspect it will become irrelevant and no longer used. Many sites will just provide the secure version in the standard image field, as we do in XF.

So we won’t be making any changes here.
 
The point was we shouldn't have to enable proxy to mitigate the issue where a simple check for secure url that's part of the spec is a negligible change.
 
If you’re running over SSL then you should be running the image proxy as it is as otherwise you wouldn’t be able to prevent insecure content warnings.

It’s non sensical to provide an image over two different URLs so really it’s their own metadata and a lack of image proxy that’s the problem.
 

Similar threads

tourmeister
Attachment images not appearing in post body after database restore
Replies
13
Views
660
Kirby
K
digitalpoint
CSRF token not always updated with XF.KeepAlive.refresh()
Replies
11
Views
1K
digitalpoint
digitalpoint
Satal
  • Question Question
MG 2.2 Older media not showing
Replies
1
Views
679
Satal
Satal
Cyberkef
Fixed Image Proxy: Some (valid) webp images throw "invalid type" error
Replies
3
Views
2K
Chromaniac
Chromaniac
Fullmental
XF 2.2 Using REST API to post a media item, no documentation. Help please?
Replies
4
Views
1K
Schaken
Schaken
Top Bottom