Warning: This plugin has't been updated in over 7 years. It may no longer be maintained.
What you can do to help:
This plugin is intended for use on elgg sites served with SSL. Often users will post external images that are served over unencrypted http which will generate browser mixed content warnings. This plugin attempts to minimize such warnings by providing a proxy for such images.
Non-https image urls not originating from the elgg host name are replaced with a proxy url to mod/image_proxy/image.php. This file forwards the headers and image content from the http source through to the browser using the elgg site ssl thereby removing unsecure content warnings from browsers.
Non-https images originating from the elgg host over http are rewritten to serve from https
The proxy has an encryption element to ensure that urls passed through are originating as elgg content. This uses the elgg site secret by default. The elgg engine is not booted during the proxy forwarding process to keep things as lean as possible. A single database query is used to retrieve the site secret.
This can optionally be bypassed by adding a new secret string directly to the settings.php file
$CONFIG->image_proxy_secret = 'my secret string';
Adding a custom image_proxy_secret to the config will eliminate all database interaction for the proxy
View Matt Beckett's plugins
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.