I have seen the answers to Is it OK to HTTP redirect images. It is a YES - browsers would follow redirection.
However, do email clients (GMail, Express, Thunderbird, Yahoo...) follow the same rule?
I just answered this at superuser. Here is the same answer:
Yes. I just sent an email containing <img src="http://www.example.com/img/logo.png" alt="not displayed"/>. The example server is in my control in redirects to the same URL with https.
My findings:
GMail on 24 Oct 2017: It displays the image, but replaces it's location to something like https://ci3.googleusercontent.com/proxy/2ks...5hk=s0-d-e1-ft#http://www.example.com/img/logo.png. I guess that all browsers follow redirects and therefore all webmail interfaces should be fine.
Thunderbird 52.4.0: It doesn't load remote content by default, but after allowing it, the image gets displayed correctly.
Evolution 3.18.5.2: Same as Thunderbird. Once you load images via Ctrl+I, it's displayed.
Outlook (unknown version): A colleague confirmed that it's displaying on their Windows machine.
Mail on macOS (10.3): Another colleague confirmed that it's displaying when they re-open the email. It might just be that the image took a few seconds to load, not sure.
Related
I built my website with github-pages. (Jekyll)
It opened well in web browser like chorme (pc, mobile both), Internet Explorer or something else.
But, the problem is that it cannot be opened in Wechat App (Android, iOS both). My access region is South-Korea (not china, for your information about chinese regulation)
(I am newbie on wechat and I don't know anything about Chinese online regulation. But I am sure that my blog is not blocked because I can access that blog on QQ browser)
Detail information
Imgur Image - Send URL to someone
I send URL to someone as above image.
Imgur Image - No access
At first, It opened well. But second time clicking url again, It didn't open with weird sentence as above image.
Tips. https://aceshipping.github.io
For account security, do not enter any info related to WeChat password in the Internet.
Continue (button)
But, Continue Button doesn't work and also there is no private-related information required on my github page. (You know that there is no login feature available in github page)
Please help me. I need to open this on WeChat, without other browsers.
TL;DR: use a .com/net/org/cn domain.
As of 2020/04, WeChat blocks links by default for public hosts like GitHub and Netlify, redirecting the page to https://weixin110.qq.com/cgi-bin/mmspamsupport-bin/newredirectconfirmcgi?main_type=1&evil_type=100&source=2&url=<your link here>&scene=1&devicetype=android-28&exportkey=...&pass_ticket=...&wechat_real_lang=(en or zh_CN or something). This page is a normal redirection page indicating "非微信官方网页,请确认是否继续访问。" ("not a WeChat official web page, please confirm to continue browsing.") when the language of WeChat is Chinese (whether simplified or traditional), but on other languages it redirects to a link like https://qbview.url.cn/getResourceInfo?appid=62&url=<your link here>&openid=<your WeChat account identifier>&version=10000&doview=1&platformtype=700. This seems to be a removed Tencent service which serves the page with no JavaScript and reduced CSS ('safe browsing' / 'reader mode' as on redirection pages), which was removed on some date in 2019, now serving on a bad SSL certificate and returns only 400 (Bad Request). It seems that the Chinese version of the weixin110 page is changed while in other languages the link remains unchanged, which leads to a bad link.
The HTML markup of those pages are listed, if anyone is interested: en, zh_CN (The words in the brackets are translations added by me)
I had created a simple portal site for our internal users, just a CSS menu with our internal web services which then displayed in an iFrame. Worked well so far.
Our helpdesk software was GLPI running on APACHE on the same server and had no issues. We recently upgraded to the latest version and in the meantime I moved it to our new web apps server and switched to IIS. The 'portal' is still hosted on the old server.
When I updated the javascript for the iFrame to point to the new address, it looked like it worked, I could get the login screen for GLPI. After logging in however I just get stuck at a white screen. If I try it in IE I get the message:
This content cannot be displayed in a frame
To help protect the security of information you enter into this website, the publisher of this content does not allow it to be
displayed in a frame.
What you can try:
Open this content in a new window
It doesn't seem to be the iFrame itself as I can get the login page.
My question is, can anyone give me some ideas on where to look at this issue? I've checked the IIS logs on both sides and see no errors, GLPI reports no errors, neither does PHP.
GLPI is on IIS 8 on Server 2012
The 'portal' is on IIS 6 on server 2003
GLPI running on PHP 5.3.0
EDIT: I've looked into the X-FRAME issue and I'm pretty sure this is not it, servers are on the same domain and I am able to get to the login screen of the second server through the iFrame, just no content after that. If it was an issue with the frame or permissions I would expect to not get to the site at all?
The only header response currently in IIS is 'X-Powered-By --> ASP.NET' am I looking in the wrong spot?
The server is returning an X-Frame-Options header used to prevent ClickJacking. That header must be removed (or updated with an Allow-From directive that lists the framing page's origin) in order for the target page to be rendered as a subframe.
Here is my question. I have a site whose IP is 192.168.80.180. I want to use firefox to open it. and at the same time sending it a POST request to login. So I don't need to input the username and password in the web page and when firefox is startup it will directly login to the website. My platform is Linux. Please give me some ideas.
Update:
Concretely, how to communicate with firefox ,and let it load a certain URL which is a dynamic page.
Check this :
http://linux.about.com/od/commands/l/blcmdl1_curl.htm
curl allow you to do requests on anywebsite.
I've inherited an ASP.NET web site that has an SSL certificate bought via GoDaddy.
The problem is that the certificate seems to be invalid because of some "mixed content/resources" (I think that's how its called) coming from http sites.
Chrome is showing the red cross over the lock next to https, meaning it's unsecured. The popups says the following:
Click in "What do these mean?" goes here which says:
The [crossed-lock] icon appears when
Google Chrome detects high-risk mixed
content, such as JavaScript, on the
page or when the site presents an
invalid certificate.
The certificate is correct and valid because I tried creating a blank "Hi world" .aspx page and it's showing the green lock with no problems.
Reading a little bit, I found that I should only include images and javascript coming from https sites. The only thing it had coming from http was the addthis widget, but they support https, so I changed to https, but it's still saying that is unsecured.
I've searched for anything else coming from http in the source, but didn't find anything.
Is there some way (site, chrome extension, firefox extension, whatever) that will show exactly which are the resources that are "unsecured"?
I've never dealt with SSL/HTTPS certificates, but I need to fix this issue asap.
Check your site in http://www.whynopadlock.com, which will give you a list of url which is not consider as secure by your browser.
Check the chrome console
You will get it like this,
The page at https://xys displayed insecure content from http://asdasda.png.
Make it http site to https then it will work.
I've found the problem using the Chrome Developer Tools. It was a js that's embedding a flash from an 3rd party site which it's using http.
Are you on Windows? Download and run Fiddler while browsing the site, and watch for HTTP connections.
Mixed content means contents of a web page are mixed with HTTP and HTTPS links.
These links include your JS, CSS, Image, Video, Audio, Iframes etc.
If your website is enabled for HTTPS (SSL certificate has installed), make sure you serve only HTTPS contents throughout your web page.
HI
I have the following (apparently simple) problem: I have to install a simple website, made by someone else, on a web hosting account. The site consists of lot and lot of HTML pages, no dynamic content, created some in MS Word and saved as html, some in frontpage, etc. A mixed bag.
I uploaded initially on a test account on my server (Win Server 2003) and it works ok.
Then I uploaded on the real web hosting (fedora / apache).
When I loaded the site in browser I see lot of odd craracters (instead of diacritics, used in html pages). Duacritics were saved as escape code, like & #350; for Ș (using codepage 1252).
The problem is, when I load the page from my own test server, the browser select automatically correct codepage (1252).
But when I load the site from public host, the same bowser loads the page using utf-8 encoding, rendering page with odd caracrets.
The test site on my server can be seen at http://radu-stanian.dnsalias.com and on public server at http://radustanian.scoli.edu.ro/
This happens no matter what browser I use (IE, ff or chrome)
What should I do to force browsers to load the pages in correct codepage?
Making changes to every page is not an option, because there are hundreds of pages, created by various peoples which could edit them further for update
Thank you
I did a quick google search and this is what I came up with:
http://www.w3.org/International/questions/qa-htaccess-charset
I've never messed with the .htaccess files with this scenario, but from what I read up it seems like you can force a certain character codepage mode based on file extension, which is what you need.
I'm not sure if it works, but hopefully it does :)
Most web servers allow you to edit HTTP headers. One of them can specify the exact codepage for a browser to use.
For example:
Content-Type: text/html; charset=ISO-8859-4