hubot-shipit icon indicating copy to clipboard operation
hubot-shipit copied to clipboard

Published 20 hours ago verified publisher icon hubot-scripts

Images are insecure

Open chapmanc opened this issue 8 years ago • 2 comments

Some of the ship-it images come from http rather than https. Security issue.

chapmanc avatar Jan 07 '16 21:01 chapmanc

Many of them don't have valid https, ie http://images.cheezburger.com/completestore/2011/11/2/aa83c0c4-2123-4bd3-8097-966c9461b30c.jpg . Do you have any suggestions of how to deal with that?

What would happen if they remained behind http?

technicalpickles avatar Jan 08 '16 23:01 technicalpickles

http://security.stackexchange.com/questions/38893/exploiting-http-content-in-https-page

You could host those images behind a secure site? Publicly shared dropbox? In our case I simply removed the http urls. It's not a problem mixing http/https content until it's a problem.

chapmanc avatar Jan 09 '16 00:01 chapmanc