MyBB Community Forums

Full Version: image proxy for https
It'd be great if MyBB 2.0 shipped with its own image proxy so non-HTTPS resources (such as images and avatars used on a forum) are automatically proxied to avoid mixed content warnings in the browser.

Right now the only solution, as far as I know, is to either use a plugin or write some custom code.
I'm sure this has already been suggested/discussed in the past, but I could be wrong. I'd definitely like to expand the HTTPS support in 2.0 with proxying for images and possibly redirection pages for non-ssl links.
(2016-04-14, 08:59 PM)Euan T Wrote: [ -> ]I'm sure this has already been suggested/discussed in the past, but I could be wrong. I'd definitely like to expand the HTTPS support in 2.0 with proxying for images and possibly redirection pages for non-ssl links.

I think it was discussed in another thread, but I think it warranted its own suggestion thread so it can be tracked more easily.

Glad to hear that 2.0 is looking to broaden its horizon with HTTPS!
Hi,

Your feature suggestion has been accepted as a planned feature to be implemented in MyBB 2.0. Thanks for your contribution!
Meanwhile, you can use this plugin for MyBB for proxying images: http://community.mybb.com/thread-162572-...pid1116582

Set up a camo server.
MyBB should push HTTPS completely by default by preferring a secure connection instead of legacy HTTP.
(2016-04-24, 06:16 AM)request Wrote: [ -> ]MyBB should push HTTPS completely by default by preferring a secure connection instead of legacy HTTP.

This is planned, which is why this topic is marked as planned ;)
A little old topic, but I still would like to reply here. Wouldn't a feature like this make the forums more susceptible to DDoS attacks? Plus it will increase the site traffic a lot because all third-party content will go through your server. Also, you can potentially use the wrapper as a "real-proxy" as you wish... wouldn't that be risky?
(2016-10-25, 02:30 PM)Neeeeeeeeeel.- Wrote: [ -> ]A little old topic, but I still would like to reply here. Wouldn't a feature like this make the forums more susceptible to DDoS attacks? Plus it will increase the site traffic a lot because all third-party content will go through your server. Also, you can potentially use the wrapper as a "real-proxy" as you wish... wouldn't that be risky?
Usually things like the mail proxy and resource proxy are located on a server separate from the one where the forum is being hosted, mainly to prevent disclosing the main server's IP address, which is also our recommendation.

Most common setups involve an HMAC value transmitted along with the requested URL, which allows limiting requests to those generated by the script (if you wanted to use the proxy externally, you'd have to e.g. preview a post to get the link including the HMAC, since you're not able to generate it yourself if you don't know the secret key); an obvious protective measure would be to further limit the usage to requests with a referrer header indicating that the request came from the forum pages, and server administrators are free to configure it further using third-party solutions to fit their needs.
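
The signed-link scheme described in the reply above, sketched as an added example that is not part of the thread and is not MyBB's or any plugin's code. The `/<hmac>/<hex(url)>` path layout, HMAC-SHA256, the key and the `forum.example` origin are assumptions chosen for illustration.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample key; a real deployment loads it from configuration.
SECRET_KEY = b"constructed-demo-key"
ALLOWED_SCHEMES = ("http", "https")


def url_mac(key: bytes, url: str) -> str:
    """HMAC-SHA256 over the exact URL string, hex encoded."""
    return hmac.new(key, url.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_proxy_path(key: bytes, url: str) -> str:
    """Forum side: called while rendering a post to build the proxied image path."""
    if urlsplit(url).scheme not in ALLOWED_SCHEMES:
        raise ValueError("only http(s) resources are proxied")
    return "/{}/{}".format(url_mac(key, url), url.encode("utf-8").hex())


def verify_proxy_path(key: bytes, path: str, referer: Optional[str] = None,
                      forum_origin: Optional[str] = None) -> Optional[str]:
    """Proxy side: return the URL to fetch, or None if the request is rejected."""
    parts = path.strip("/").split("/")
    if len(parts) != 2:
        return None
    mac, hex_url = parts
    try:
        url = bytes.fromhex(hex_url).decode("utf-8")
    except ValueError:  # bad hex or bad UTF-8
        return None
    # Constant-time compare: rejects links not minted with the secret key.
    expected = url_mac(key, url).encode("ascii")
    if not hmac.compare_digest(mac.encode("utf-8"), expected):
        return None
    if urlsplit(url).scheme not in ALLOWED_SCHEMES:
        return None
    # Optional extra limit from the reply: request must come from a forum page.
    if forum_origin is not None:
        if referer is None or not referer.startswith(forum_origin + "/"):
            return None
    return url
```

Only the HMAC check is a hard control. The referrer header is client-supplied, so the origin check narrows casual reuse of a link rather than authenticating the request.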
Avatars can already be uploaded if you wish so that problem is solved.

I've solved the HTTPS problem by forcing all img and video tags to be HTTPS. Unsure what implementation MyBB plans to use but realistically an image proxy may not be the best solution to avoid mixed content.

And before statements are made about IP leaking I think the two issues should be separated even though both need solutions.

Quote:MyBB should push HTTPS completely by default by preferring a secure connection instead of legacy HTTP.

Exactly. A global setting for "Forced HTTPS" with some changes could work just fine. If the team has questions on how I implemented 100% HTTPS on my site LMK.