December 24, 20169 yr Currently the forum software just embeds the profile picture and embedded images in posts. This is a security risk for multiple reasons. 1. The linked website could use this to exploit security bugs in outdated browsers. 2. It is possible to see the IP address of every user who loads the picture (i didn't test this but the browser accesses the image on the original website). 3. The images are (if the link doesn't use https) served over http. By the way, i got an error because my profile picture was served over http, i changed the link to https and when i logged in today i noticed that the image is gone, was it automatically removed because of the https link? UPDATE: Just tried to set a custom profile picture and it just failed without an error when trying to use https link, the image is hosted on "i.imgur.com".
December 24, 20169 yr I don't have time at the moment, but I've been told recently somewhere, it's for security reasons that https links don't allow embedded images or videos. Just change the link to http and it will display. Something I found by trial and error was that if I use the youtube embed form, without all the iframe stuff, then it only shows the URL, not the embed. e.g www.youtube.com/embed/xyxyxyxyyxxyxyxyxyxyxy
December 24, 20169 yr Author it's for security reasons that https links don't allow embedded images or videos. HTTPS doesn't allow embedded http links. A website can disable/prevent getting embedded as an iframe but it has nothing to do with http/https.
December 24, 20169 yr I can see that when I don't have time to fully understand what was being posted, I should keep my mouth shut, until I do have time! Neither of us understood what the other was trying to say, and that's first of all my fault. I tried to be helpful, and make 2 points but both were rushed and poorly expressed. What I should have said was that "it's my understanding that for security reasons the forum software does not allow embedded images and videos using https links to display, but if you make them http links the embedded images and videos are allowed to display". But I'm no longer positive that is the same problem you were posting about. Then, thinking it was relevant, I wanted to expose a trick I found to make URL's display as URL's, not as embedded videos and images, something that is currently really hard to do. But it's not relevant to what you were posting about, so I'll post about it somewhere else.
December 24, 20169 yr Author What I should have said was that "it's my understanding that for security reasons the forum software does not allow embedded images and videos using https links to display, but if you make them http links the embedded images and videos are allowed to display". But I'm no longer positive that is the same problem you were posting about. I was posting about it as well (the problem with my profile picture, https links are for some reason blocked or just not embedded) but it has nothing to do with the biggest problem, images are displayed directly/not cached.
Archived
This topic is now archived and is closed to further replies.