https:// error relating to images - Chrome

[Jason76]

I had recently ordered a https:// (pro) for http://funbizforum.com However, on Chrome, "insecure images" still prevent my site from being shown as safe, despite the https://

How to fix? Well, I have heard that changing each individual image to https:// is one way. Does anyone know other ways?

 

[Page]

Are images also in the same server and insecure. I had the same problem with two to three and So I uploaded to imgr image site that will automatic be secure.

Images are always a pain. But check you settings and if using cloudflare Kr similar then enable a option that redirect the images to https

 

[Azareal]

There is a way, but it's a little nasty. If I recall, there is a header which kills all images which aren't served over HTTPS.

 

[Jordan]

Hey @Jason76 , are these images being loaded from forum posts? If so you have to enable image proxy.

On forums, when users use the image bb code, the image may not be coming from a https connection. The image proxy will then basically make it so the image is coming from your site via your https url. Something like this:
https://funbizforum.com/proxy.php?image=

Go to your ACP and go to Message Options in the options section:
https://funbizforum.com/admin.php?options/list/messageOptions

Scroll down until you see "Image and Link Proxy" check the image proxy check box, and set a secret key (can be anything)

Also on top of this, it looks like your background image is using http:// instead of https:// so that will be the cause of your homepage for not being secured properly:
http://dohtheme.com/demo/xenforo/styles/pad/xenforo/img/bodywallpaper.jpeg

it's in your extra.less file. Search for this ".bodyBackground_overlay__bottom::before"
Then just change the http:// to https://

 

[Carlos X]

Hey @Jason76 , are these images being loaded from forum posts? If so you have to enable image proxy.

On forums, when users use the image bb code, the image may not be coming from a https connection. The image proxy will then basically make it so the image is coming from your site via your https url. Something like this:
https://funbizforum.com/proxy.php?image=

Go to your ACP and go to Message Options in the options section:
https://funbizforum.com/admin.php?options/list/messageOptions

Scroll down until you see "Image and Link Proxy" check the image proxy check box, and set a secret key (can be anything)

Also on top of this, it looks like your background image is using http:// instead of https:// so that will be the cause of your homepage for not being secured properly:
http://dohtheme.com/demo/xenforo/styles/pad/xenforo/img/bodywallpaper.jpeg

it's in your extra.less file. Search for this ".bodyBackground_overlay__bottom::before"
Then just change the http:// to https://

Or you could just go to ACP > Appearance and look in style properties. Not hard.

Proxies are usually for on-posts propagation. I wouldn't recommend it. Read carefully in the ACP about what it does (especially in the screencap you just showed in there). It buffers your image through a proxy so if you turn it off or something to that effect, it's still there, but it will result in different URL's. Just sayin'.

I don't use it because if someone posts an image that isn't mine, I can be blamed for it. Since most proxied images/links mask what you embed.

 

[Jordan]

Or you could just go to ACP > Appearance and look in style properties. Not hard.

That doesn't fix the issue of insecure images that get posted on the forums.

But yes, take his advice and do read the ACP carefully. especially this part "Proxying of images is especially important if you are running your site through SSL (HTTPS)" I highly recommend it.

 

[Carlos X]

Or you could just go to ACP > Appearance and look in style properties. Not hard.

That doesn't fix the issue of insecure images that get posted on the forums.

Yes, as I said, it's not recommended. Because, as I said, if I post an offsite image from a porn site, and you want to sue me for posting it, guess who's the blame? Not the poster (me), it's you (owner).

Because the proxy shows YOUR link, and not the off site's. Dangerous.

That's why I spent time looking through Appearence area of ACP and fixing the HTTP areas and replacing it with https. I finally got it 100% padlocked. 🙂

 

[Jordan]

Or you could just go to ACP > Appearance and look in style properties. Not hard.

That doesn't fix the issue of insecure images that get posted on the forums.

Yes, as I said, it's not recommended. Because, as I said, if I post an offsite image from a porn site, and you want to sue me for posting it, guess who's the blame? Not the poster (me), it's you (owner).

Because the proxy shows YOUR link, and not the off site's. Dangerous.

I'm just going to assume you don't really know what the image proxy is for. You always go to the extreme. First of all, websites can disable hotlinking their images to prevent people from linking the images on other sites. You also wouldn't be sued. If in the rare off chance someone contacts you to remove their image from your site, then you just remove it. Simple as that.

XenForo's and Keir's explanation:
https://xenforo.com/community/threads/exif-rotation-acp-searching-proxying-and-change-logging.66592/

XenForo community recommending it:
https://xenforo.com/community/threads/what-is-proxy-links-and-proxy-images.81020/

Any XenForo forum running on HTTPS should have image proxy enabled. The XenForo devlopers themselves recommend it. Forum Promotion even does. As evidenced by the image in your signature:

https://forumpromotion.net/proxy.php?image=https%3A%2F%2Fwww.destroyrepeat.com%2Fimgs%2FCarlosX360DR.png&hash=1b6db478ad7436b139e5e5a89387ac0f

The only downside to using an image proxy is that you will use more bandwidth.

 

[Carlos X]

I'm just going to assume you don't really know what the image proxy is for. You always go to the extreme.

Well, porn site is a bit too extreme, I agree, but I've seen people spamming those links to "Free Downloads of movies!" A few times, on any one of my sites. I don't want people to think that's my link.

First of all, websites can disable hotlinking their images to prevent people from linking the images on other sites. You also wouldn't be sued. If in the rare off chance someone contacts you to remove their image from your site, then you just remove it. Simple as that.

Exactly, but you never know - people will do things for any bullshit these days.

XenForo's and Keir's explanation:
https://xenforo.com/community/threads/exif-rotation-acp-searching-proxying-and-change-logging.66592/

XenForo community recommending it:
https://xenforo.com/community/threads/what-is-proxy-links-and-proxy-images.81020/

Any XenForo forum running on HTTPS should have image proxy enabled. The XenForo devlopers themselves recommend it.

That's great information for everyone! 🙂

Forum Promotion even does. As evidenced by the image in your signature:

https://forumpromotion.net/proxy.php?image=https%3A%2F%2Fwww.destroyrepeat.com%2Fimgs%2FCarlosX360DR.png&hash=1b6db478ad7436b139e5e5a89387ac0f

The only downside to using an image proxy is that you will use more bandwidth.

Exactly. That's what I meant.

 

[Jordan]

Well, porn site is a bit too extreme, I agree, but I've seen people spamming those links to "Free Downloads of movies!" A few times, on any one of my sites. I don't want people to think that's my link.

People can also upload porn images as attachments on your site and it will be your link. What do you do with that content and those users? You delete the content and ban the user. The same thing applies if you use an image proxy.

 

[Carlos X]

Well, porn site is a bit too extreme, I agree, but I've seen people spamming those links to "Free Downloads of movies!" A few times, on any one of my sites. I don't want people to think that's my link.

People can also upload porn images as attachments on your site and it will be your link. What do you do with that content and those users? You delete the content and ban the user. The same thing applies if you use an image proxy.

I will just agree to disagree. 🙂

 

[Jason76]

I think the solution is simply to go into the css and make all image links https://

The problem, though, is figuring out where in the css the links are!

 

[Jordan]

I think the solution is simply to go into the css and make all image links https://

The problem, though, is figuring out where in the css the links are!

Your homepage image that is causing the issue is here:

Also on top of this, it looks like your background image is using http:// instead of https:// so that will be the cause of your homepage for not being secured properly:
http://dohtheme.com/demo/xenforo/styles/pad/xenforo/img/bodywallpaper.jpeg

it's in your extra.less file. Search for this ".bodyBackground_overlay__bottom::before"
Then just change the http:// to https://

 

[Jason76]

I think the solution is simply to go into the css and make all image links https://

The problem, though, is figuring out where in the css the links are!

Your homepage image that is causing the issue is here:

Also on top of this, it looks like your background image is using http:// instead of https:// so that will be the cause of your homepage for not being secured properly:
http://dohtheme.com/demo/xenforo/styles/pad/xenforo/img/bodywallpaper.jpeg

it's in your extra.less file. Search for this ".bodyBackground_overlay__bottom::before"
Then just change the http:// to https://

Yeah @Carlos X already spotted the solution, but I've just now seen it.

 

[Jason76]

No, sorry that area doesn't contain the link. Any other idea?

 

[Jordan]

No, sorry that area doesn't contain the link. Any other idea?

What does it contain?

 

[Jason76]

No, sorry that area doesn't contain the link. Any other idea?

What does it contain?

Removed for Security

 

[Jordan]

Then it's probably in the dt_extra.less file

 

[Jason76]

Don't see it

Removed for security

 

[Jordan]

Can you go to your ACP search and type "dt_pad_bg" one of the first search result should be the style option to change the image URL