0

My site is loading images from other sites and this is causing warnings when I implemented HTTPS instead of plain HTTP. I know why this is happening but I'm wondering how to correct.

Best solution I have seen is here, but I don't understand how that works.

The poster suggests prepending https://example.com/imageserver?url= to the image url. This doesn't work. So what am I missing? What is imageserver?

I hope this makes sense, I'm not sure if I'm not just missing something obvious here.

Community
  • 1
  • 1
Paul
  • 328
  • 1
  • 5
  • 17

1 Answers1

1

imageserver could be a php script that fetch the image and display its contents.

a very simple example, not very safe

echo file_get_contents($_GET['url']);

The idea here is that the browser now gets the images from your secure server instead of the original non-https server.

MarcHoH
  • 340
  • 1
  • 6
  • I see. So when you say not very safe, why? I guess because the I would need to rewrite the file to ensure it is clean? – Paul Sep 04 '16 at 12:17
  • And should I be saving these files to my server or just displaying them from memory? – Paul Sep 04 '16 at 12:18
  • There are indeed no checks to make sure the file is clean. Maybe someone want to use this functionality to serve malware. That will be then be served through your server, so that's no good. And yes it is a good idea to save the files temporary (24 hours or so) on your server if you have enough space. That will save you some bandwidth. – MarcHoH Sep 04 '16 at 12:37
  • Thanks I'm looking closer at how this is done today. – Paul Sep 06 '16 at 12:57