I post pics from my own website (https://snyderworld.org) on here for years (15+ years?). Now my pics show red x's. (example : https://ck5.com/forums/threads/june-14th-1987.340428/#post-4087300 ) I have a redirect to https so all my old posts pic urls which have never changed work. Since about 3-4 years ago i use https nativly when I post. I switched years ago to SSL certs and it worked I know at least up until a month or two ago my pics used to show here. All the SSL website checkers show my site as trusted and good. -------- Results for https://snyderworld.org: Trusted Yes Mozilla Apple Android Java Windows CentOS AIX Solaris openSUSE Fedora -------- So why on CK5 are my pics from my website that I insert show as red x's all of a sudden when nothing on my end has changed for at least a year???
I'm my own host, servers in my basement! Always have been. I've been posting pics here for years from my website in this manner and they've always worked up until well I can only say about a month ago for sure. . I'm using the pic url or image insert and put in url as always. I can paste those urls to my browser and they show up just fine. They continue to work on other sites, just not here at ck5. Usually it's a result of your proxying engine not trusting the website or thinking the website from where the pic is coming from is not trusted, but all the ssl checker places show my cert's as good and website as trusted no issues. Definitely something here on this site blocking.
So I figured out what this is. Your forum software requires the pic hosting site to have HTTP Strict Transport Security (HSTS) enabled. I serve my own pics and have for years (since 2001), at some point SSL became a requirement, that's fine. I turned that on years ago. But recently pics stopped dispaying on ck5, until I turned on HSTS and pics I host in posts on ck5 re-appeared again, thankfully. HSTS however seems a rather extreme requirement and must be required by default in some upgrade to your forum at some point. SSL tls1.2+ should be sufficient, hsts is a directive on other (hosting) web servers to say I only accept https, which is already a requirement of your forum software,your forum won't serve pics from any http url any more and hasn't for a long while, which is fine. Basically it's saying I require https, which is great, but if you host things to anyone else via http I won't accept pics from your website even via https...which...seems a little extreme. Anyway, just an FYI. Probably nobody else cares because most people don't host their own pics. My old posts show pics again!!! Thanks!
Incidentally, your own website ck5.com does not have hsts turned on! Which is probably good as you might block people with older browsers if you did, which is why I say HSTS seems a rather extreme requirement for pics to show up on ck5 from other websites. (you can test your own server at https://www.ssllabs.com/ssltest/index.html)
