Mixed content: Chrome blocking <img> at my site but not

0
votes

I have an HTTPS site that loads contents from an HTTP RSS feed. When trying to load the images, Chrome/Firefox blocks them with this message:

Mixed Content: The page at 'mysite.com/index.php' was loaded over HTTPS, but requested an insecure image 'http://www.example.com/2017021411050.jpg'. This request has been blocked; **the content must be served over HTTPS**.

However, if I load the same feed in Feeldy, I can see all the images despite Feedly's site is also loaded through HTTPS. In the Feedly case, the browser shows just a warning:

The page at 'https://feedly.com/i/subscription/feed/http://www.example.com/rss.php' was loaded over HTTPS, but requested an insecure image 'http://www.example.com/2017021411050.jpg'. **This content should also be served over HTTPS**.

Why Feedly can bypass the mixed-content block and is getting just a warning while I'am getting a block?

2
htmlmixed-content

2 Answers

1
votes

Firefox and chrome are both secure browsers but I'm not sure what Feedly exactly is. Firefox and chrome block them because they think it's not secure to load a HTTP image in a HTTP website but Feedly doesn't care so he thinks just giving a warning is enough. But I know a solution to fix this for example you got this URL 

http://otherdomain.com/image.jpg

which is a HTTP , then you change it like 

https://example.com/imageserver?url= //here put your image url

this trick will make the browser think you are loading the image over a HTTPS URL like below

https://example.com/imageserver?url=http://otherdomain.com/image.jpg&hash=abcdeafad
-1
votes

When parsing the RSS feed you're also retrieving the image urls.

Lets say the image url is http://externalsite.com/someimage.jpg.

You rewrite this URL as https://example.com/image?url=http://externalsite.com/someimage.jpg&hash=1234567.

Now the browser always makes the request over https, and you get rid of the problems.