Reputation: 550
I'm working for a forum owner who allows users to submit hotlinked images from other domains in their posts. If they choose to use an http version of the URL, the otherwise clean page becomes insecure in the eyes of a browser, which some percentage of the time triggers a worried email from certain users.
I can't rewrite the URLs, since I can't code against the assumption that future off-site images will have https available. For the same reason, I can't use protocol-relative src attributes. I'm unwilling to fetch and cache the images on our server just so that they can be served over https, because of the computational expense involved.
What can I do? Is there some piece of HTML syntax or something similar which I can use to tell the browser "This image doesn't matter, and doesn't constitute a security threat"?
Upvotes: 0
Views: 25
Reputation: 2572
This isn't possible. The image may not constitute a security threat but MITM attacks could still lead to images other than the intended one being loaded over the network, and who knows what an attacker may want to supplant that image with. My suggestion would be to pass the annoyance on to your users and tell them they can only use https URLs.
Upvotes: 1
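The https-only policy suggested in the answer above can be enforced when a post is submitted, before any mixed content reaches a reader's browser. The following is an added example, not part of the original thread: the function names, the base URL and the sample post are constructed, and it assumes posts are stored as HTML.

```javascript
// Added example (not from the thread). Hypothetical helpers for a forum that
// stores posts as HTML and serves its own pages over https.
const FORUM_BASE = 'https://forum.example/thread/1'; // constructed placeholder

// Constructed sample post covering quoted, unquoted, relative and padded URLs.
const samplePost = `
<p>Look at these:</p>
<img src="https://img.example/a.png">
<img alt="cat" src='HTTP://img.example/b.png'>
<img src=//cdn.example/c.png>
<img src="/uploads/d.png">
<img src=" http://img.example/e.png ">
`;

// Pull the src value out of every <img> tag (double-quoted, single-quoted or bare).
// "\s" before "src" keeps attributes such as data-src from matching.
function extractImageSources(postHtml) {
  const imgTag = /<img\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const sources = [];
  for (const m of postHtml.matchAll(imgTag)) {
    sources.push((m[1] ?? m[2] ?? m[3]).trim());
  }
  return sources;
}

// Resolve each src the way the browser would on the https page, then reject
// anything that does not end up on https. Protocol-relative and same-origin
// relative URLs inherit https from the page, so they pass.
function findInsecureImages(postHtml, base = FORUM_BASE) {
  const rejected = [];
  for (const src of extractImageSources(postHtml)) {
    let resolved;
    try {
      resolved = new URL(src, base); // WHATWG parser lowercases the scheme
    } catch {
      rejected.push({ src, reason: 'unparseable' });
      continue;
    }
    if (resolved.protocol !== 'https:') {
      rejected.push({ src, reason: `scheme ${resolved.protocol}` });
    }
  }
  return rejected;
}

console.log(findInsecureImages(samplePost));
```

A non-empty result can be shown back to the poster as the list of image URLs they need to change to https before the post is accepted.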