A good part might be resolved by simply forcing the HTTP images to load over HTTPS, however a significant part of embedded images won't be available over HTTPS. One can argue to simply deny those images when SSL is enabled, but for existing boards with dozens (or thousands) of old posts with embedded images that won't be a good solution either.
I think it would be a good thing for phpBB to provide a camo proxy for those images. I think the route should be something like:
Code: Select all
$protocol = strstr($image_url, '://', true);
$remain = str_replace($protocol, '', $image_url);
if ($protocol != 'https')
{
if (url_exists('https' . $remain))
{
return 'https' . $remain;
}
else
{
return camo($image_url);
}
}
else
{
return $image_url;
}
In before "create an extension"
I think that since SSL is going to be the standard way to serve any website that has some kind of login or private section. Therefore this really should be included in the core.