Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Author Topic: Forum Avatar  (Read 1152 times)


  • Hero Member
  • *****
  • Posts: 774
Forum Avatar
« on: September 22, 2016, 11:53:37 AM »

The Forum Avatar element of a user's profile seems to accept ONLY "http" URLs and NOT "https" URLs.  Please allow the latter.  Why?  Because as the forum operates in HTTPS mode, no referrer field is sent for fetching an external http URL (including images) by most browsers (by default).  This means that if the web site hosting the image protects itself against cross-site bandwidth stealing by using the referrer field, the request for the image will always be denied.

When an HTTPS page is served and the image elements are also requested via HTTPS, the referrer header is sent, thus granting access to the image.

Note the proposed draft RFC that is coming regarding referrer control: