Suggestion Disable image proxying for images with ssl.

Discussion in 'Community Feedback and Suggestions' started by SystemUpdate_, Jul 1, 2015.

Thread Status:
Not open for further replies.
  1. Hello,

    I have a suggestion: only have the image proxy work on non-SSL images or, as browsers say, insecure images. This would allow users to have dynamic signatures.
     
    • Agree x 4
  2. That would be awesome. :)
     
  3. Camo respects cache headers so just update them accordingly.
     
  4. I have cache headers set to no cache yet it still caches my image.
     
  5. Try setting an "Expires" header.
     
  6. Will do tomorrow
     
  7. Have done, still caching it.
     
    • Agree x 1
  8. It also still caches mine.
     
  9. Tux

    Allowing SSL images to be loaded directly from the origin will violate the privacy of the user and lower page speeds. I do not recommend this be added. Instead, loosen the CloudFlare settings to essentially turn off caching if this is oh-so-clamoured for.

    Unrelated: Is it really that important to have a "dynamic signature" anyway?
     
    • Agree x 5
    • Optimistic x 1
  10. SSL proxying has only been added recently; if someone wanted to harvest IPs then they would have a massive database by now, and there are many other ways of gathering users' IP addresses. If they don't want to remove the proxying of SSL images then fine, their choice. I remember an issue with XenForo's proxy was that it didn't respect cache headers, and that was one of the reasons why it was removed.
     
  11. Tux

    That ignores my other concern, which is page load times. It's advantageous to load images from camo instead of all the TLS-secured sites because browsers can better utilize connections to one server rather than multiple. You still have CloudFlare to deal with regarding caching as well.

    Here's an HTTP response when I try to fetch your signature from the origin:
    Code (Text):
    < HTTP/1.1 200 OK
    < Date: Thu, 02 Jul 2015 17:22:01 GMT
    * Server Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 is not blacklisted
    < Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16
    < X-Powered-By: PHP/5.4.16
    < Expires: -1
    < Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    < Cache-Control: post-check=0, pre-check=0
    < Pragma: no-cache
    < Content-Length: 3353
    < Content-Type: image/jpeg

    Ironically enough, you set a Content-Type of image/jpeg but the output is a PNG image, but that's beside the point.

    Here's the same response through Spigot's camo (scrubbing info CloudFlare tacks on):
    Code (Text):
    < HTTP/1.1 200 OK
    * Server cloudflare-nginx is not blacklisted
    < Server: cloudflare-nginx
    < Date: Thu, 02 Jul 2015 17:19:16 GMT
    < Content-Type: image/jpeg
    < Content-Length: 3042
    < Connection: keep-alive
    < Cache-Control: public, max-age=1800
    < Camo-Host: proxy.spigotmc.org
    < X-Frame-Options: deny
    < X-Xss-Protection: 1; mode=block
    < X-Content-Type-Options: nosniff
    < Content-Security-Policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
    < Strict-Transport-Security: max-age=0; includeSubDomains
    < Expires: Thu, 02 Jul 2015 17:49:16 GMT
    < Via: 1.1 vegur
    < CF-Cache-Status: HIT

    As you can see, while the origin requests no caching, CloudFlare appears to be set to cache aggressively and is ignoring your header, thus the issue. The fix is to loosen caching requirements.
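
The comparison made in the post above, as an added example that is not part of the original thread: it parses the origin and proxied response headers and reports where the proxied copy contradicts an origin that forbids caching. The header text is a trimmed subset of the two responses quoted in the post; the function names are hypothetical.

```python
# Added example. Header subsets are trimmed from the two responses quoted above.
ORIGIN = """\
HTTP/1.1 200 OK
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
"""
PROXIED = """\
HTTP/1.1 200 OK
Cache-Control: public, max-age=1800
Camo-Host: proxy.spigotmc.org
CF-Cache-Status: HIT
"""

def parse_headers(raw):
    """Return {lowercased name: [values]}, keeping repeated header lines."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_directives(headers):
    """Merge every Cache-Control line into {directive: value or None}."""
    out = {}
    for line in headers.get("cache-control", []):
        for token in line.split(","):
            key, _, val = token.strip().partition("=")
            if key:
                out[key.lower()] = val.strip('"') or None
    return out

def policy_overridden(origin_raw, proxied_raw):
    """List how the proxied response contradicts a no-cache origin."""
    origin = cache_directives(parse_headers(origin_raw))
    proxied_headers = parse_headers(proxied_raw)
    proxied = cache_directives(proxied_headers)
    if not (origin.keys() & {"no-store", "no-cache"} or origin.get("max-age") == "0"):
        return []                              # origin allows caching; nothing to flag
    findings = []
    age = proxied.get("max-age") or "0"
    if age.isdigit() and int(age) > 0:
        findings.append(f"max-age rewritten to {age}")
    if "public" in proxied:
        findings.append("marked public")
    if proxied_headers.get("cf-cache-status", [""])[0].upper() == "HIT":
        findings.append("served from edge cache")
    return findings
```
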
     
  12. Sorry about missing your point, I agree with it. And will fix my header.
     
    #12 SystemUpdate_, Jul 2, 2015
    Last edited: Dec 12, 2015
  13. Bumpy bump because man this would be great.
     
    • Agree x 1
  14. md_5

    Administrator Developer

    Not happening guys. There are also other benefits such as hiding the IP address of visitors.
     
    • Optimistic x 2
    • Winner x 1