forum img code changed?

DereksDontRun · 8 Aug 2020 at 19:41

Sorry if this is the wrong place, I cannot find a "forum issues/bugs" section.

I've noticed images that I've used on this forum used to display fine in the post, but now dont, only providing an icon...

It seems that if I host an image on imgur then it will work with img tags, but if I host it on my own webspace then it doesn't (but used to)...

Has the code/requirements changed?

e.g.

works but the same image hosted myself doesn't:

have there been restrictions where img allows links from?

Also... there's bug when editing the post...
my own web-linked image isn't shown in the edit page, it's just blank space that I cannot edit, to change the link. I need to click on the "use BB Code Editor" to see the img text and do anything. V weird...

Malevolence · 8 Aug 2020 at 19:43

Am I missing something here? Both images are showing up just fine.

Tony Edwards · 8 Aug 2020 at 19:50

DereksDontRun said:
Sorry if this is the wrong place, I cannot find a "forum issues/bugs" section.

I've noticed images that I've used on this forum used to display fine in the post, but now dont, only providing an icon...

It seems that if I host an image on imgur then it will work with img tags, but if I host it on my own webspace then it doesn't (but used to)...

Has the code/requirements changed?

have there been restrictions where img allows links from?

Also... there's bug when editing the post...
my own web-linked image isn't shown in the edit page, it's just blank space that I cannot edit, to change the link. I need to click on the "use BB Code Editor" to see the img text and do anything. V weird...

Have you got a script blocker? I used to get that recently as well until I pointed it out and I think it was google-analytics.com that I had blocked. Can see all the ones I couldnt before and both of yours.

Whoop said:
I can see them all, have you got a blocker running that might stop it? (disable and reload to test maybe)

DereksDontRun · 8 Aug 2020 at 20:01

ok, I feel dumb now...

it works all ok on Edge, but not on Chrome. Sorry to bother - pebcak...

now, to work our what in Chrome is stopping it...

DereksDontRun · 8 Aug 2020 at 20:01

I'm also confused how a script blocker would be blocking my own webhost tho :S

andy_mk3 · 8 Aug 2020 at 20:02

Fail

Adblock of any kind installed?

DereksDontRun · 8 Aug 2020 at 20:07

only ad blocker I've got running is uBlock and it still doesn't work when I disable it. I've disabled all extensions and still not working, hmm...

Dave M · 8 Aug 2020 at 20:17

Did you change your IP recently? Or maybe you played with hosts for testing? Maybe chrome://net-internals/#dns

Also, press F12, select Console tab, refresh page with the broken image.

Ahh, is your chrome blocking loading http resources on a https page?

DereksDontRun · 8 Aug 2020 at 20:29

right, I've rest Chrome and all its settings, removed all extensions and it's still not working

looking at console (good idea Dave) - it lists:

Code:

[*]Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
[*]GET https://www.dereksdontrun.com/bike/200807.jpg net::ERR_CERT_COMMON_NAME_INVALIDGET
[*]https://forums.overclockers.co.uk/style/default/xenforo/gradients/navigation-tab.png 404 (Not Found)
[*]A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.

so, the error linked to my webhost is:
"net::ERR_CERT_COMMON_NAME_INVALID"
now, any idea how to fix?

DereksDontRun · 8 Aug 2020 at 20:32

If I go to the weblink directly it works fine, just won't show when called from this site. (so, I'm guessing anything like my window's hosts file would nuke being able to see it directly)

Pho · 8 Aug 2020 at 20:33

DereksDontRun said:

right, I've rest Chrome and all its settings, removed all extensions and it's still not working

looking at console (good idea Dave) - it lists:

Code:

[*]Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
[*]GET https://www.dereksdontrun.com/bike/200807.jpg net::ERR_CERT_COMMON_NAME_INVALIDGET
[*]https://forums.overclockers.co.uk/style/default/xenforo/gradients/navigation-tab.png 404 (Not Found)
[*]A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.

so, the error linked to my webhost is:
"net::ERR_CERT_COMMON_NAME_INVALID"
now, any idea how to fix?

Are you running HTTPS Everywhere or something?

The problem is your personal site doesn't support https (only http) and Chrome is trying to upgrade your link to use HTTP.

edit: your site does support https but you get a certificate warning as it's not using a valid certificate.

Dave M · 8 Aug 2020 at 20:35

It says it's upgraded it to https i.e.
https://www.dereksdontrun.com/bike/200807.jpg

That won't work because your cert is not valid - you can accept it when loading it on it's own but you just won't see it as a resource:

Code:

This server could not prove that it is www.dereksdontrun.com; its security certificate is from bpweb.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

GravyMonster · 8 Aug 2020 at 20:36

There's a certificate error on your personal site, so you cannot access its unsecure content from a secure domain.

DereksDontRun · 8 Aug 2020 at 20:37

ah, ok - so I need to poke my webhost to renew their certs?

is there any easy way to check this, so I can get them to verify?
*edit* dumb question - just click the https link of the image

*edit 2* no, I'm being dumb again... if it's my webhost, then it wouldn't work for you guys?

So, how is it working for you all, but not in my Chrome? I guess there's some setting here that's changing it to https over http??? (starting to clutch at straws for lack of knowledge)

DereksDontRun · 8 Aug 2020 at 20:46

right.. that's got it...

thanks guys... bloody chrome...

I had to edit site-settings and then allow insecure content for this forum...

engadget post seems to suggest it's new security being phased into Chrome, to auto block http requests from https sites.

so - ultimately my webhost hasn't got their certs in order, and Chrome is just being overly careful?

Blackjack Davy · 8 Aug 2020 at 22:46

Are you seeing an [IMG ] message instead of picture? Because I get those on occasion and I'm not using Chrome and I'm not sure whats responsible for it. Ironically enough both your pictures display fine however.

Pho · 9 Aug 2020 at 00:05

DereksDontRun said:
so - ultimately my webhost hasn't got their certs in order, and Chrome is just being overly careful?

Usually they'll charge you for generating a valid certificate for HTTPS support - you're currently seeing an error because the site is just using their default certificate which is only valid for the domain https://www.bpweb.net/.

Most if not all of the good modern hosts will let you use free SSL certificates issued by https://letsencrypt.org/ which you can configure in your admin panel with a couple of clicks.

It's all part of a drive to make all websites HTTP: Google penalises websites that aren't, and Chrome etc are now starting to block loading content from unsecure sites too as you've found.