Profile Pictures and Embedded Images

Currently the forum software just embeds the profile picture and embedded images in posts. This is a security risk for multiple reasons.

1. The linked website could use this to exploit security bugs in outdated browsers.

2. It is possible to see the IP address of every user who loads the picture (I didn't test this but the browser accesses the image on the original website).

3. The images are (if the link doesn't use https) served over http.

By the way, I got an error because my profile picture was served over http. I changed the link to https and when I logged in today I noticed that the image is gone. Was it automatically removed because of the https link?

UPDATE: Just tried to set a custom profile picture and it just failed without an error when trying to use an https link; the image is hosted on "i.imgur.com".

I don't have time at the moment, but I've been told recently somewhere that it's for security reasons that https links don't allow embedded images or videos. Just change the link to http and it will display.

Something I found by trial and error was that if I use the YouTube embed form, without all the iframe stuff, then it only shows the URL, not the embed, e.g. www.youtube.com/embed/xyxyxyxyyxxyxyxyxyxyxy

  • Author

it's for security reasons that https links don't allow embedded images or videos.

HTTPS doesn't allow embedded http links. A website can disable/prevent getting embedded as an iframe but it has nothing to do with http/https.

I can see that when I don't have time to fully understand what was being posted, I should keep my mouth shut until I do have time! Neither of us understood what the other was trying to say, and that's first of all my fault. I tried to be helpful and make 2 points, but both were rushed and poorly expressed. What I should have said was that "it's my understanding that for security reasons the forum software does not allow embedded images and videos using https links to display, but if you make them http links the embedded images and videos are allowed to display". But I'm no longer positive that is the same problem you were posting about.

Then, thinking it was relevant, I wanted to expose a trick I found to make URLs display as URLs, not as embedded videos and images, something that is currently really hard to do. But it's not relevant to what you were posting about, so I'll post about it somewhere else.

  • Author

What I should have said was that "it's my understanding that for security reasons the forum software does not allow embedded images and videos using https links to display, but if you make them http links the embedded images and videos are allowed to display".  But I'm no longer positive that is the same problem you were posting about.

I was posting about it as well (the problem with my profile picture; https links are for some reason blocked or just not embedded), but it has nothing to do with the biggest problem: images are displayed directly/not cached.
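
One common mitigation for the risks listed in the first post (third-party hosts seeing reader IPs, plain-http image loads) is to serve embedded images through the forum's own HTTPS proxy using signed URLs. The sketch below is an added example, not part of the thread or of the forum software; the proxy endpoint, key and function names are assumptions, and the regex stands in for a real HTML sanitizer.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

PROXY_BASE = "https://forum.example/imgproxy"  # assumed proxy endpoint
PROXY_KEY = b"constructed-demo-key"            # assumed secret, demo value only
# Simplification: a production rewriter would use the sanitizer's HTML parser.
IMG_SRC = re.compile(r'(<img\b[^>]*?\bsrc=")([^"]+)(")', re.IGNORECASE)


def sign(url: str) -> str:
    """HMAC over the upstream URL so the proxy only fetches URLs the forum issued."""
    return hmac.new(PROXY_KEY, url.encode(), hashlib.sha256).hexdigest()


def proxied(url: str) -> str:
    """Return the https proxy URL that carries the upstream URL hex-encoded."""
    return f"{PROXY_BASE}/{sign(url)}/{url.encode().hex()}"


def rewrite_post(html: str) -> str:
    """Point remote <img src> values at the proxy; blank anything not http(s)."""
    def repl(m):
        parts = urlsplit(m.group(2))
        if not parts.scheme and not parts.netloc:
            return m.group(0)                    # local path: leave untouched
        if parts.scheme not in ("http", "https"):
            return m.group(1) + m.group(3)       # e.g. javascript:, data:, //host
        return m.group(1) + proxied(m.group(2)) + m.group(3)
    return IMG_SRC.sub(repl, html)


def resolve(path: str):
    """Proxy side: return the upstream URL if the signature verifies, else None."""
    try:
        digest, hexurl = path.strip("/").split("/")[-2:]
        url = bytes.fromhex(hexurl).decode()
    except ValueError:                           # short path, bad hex, bad UTF-8
        return None
    if not hmac.compare_digest(digest.encode(), sign(url).encode()):
        return None                              # forged or tampered URL
    return url
```

With this in place readers' browsers only ever contact the forum host over HTTPS, and the signature check keeps the proxy from being used to fetch arbitrary URLs.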

Archived

This topic is now archived and is closed to further replies.
