Mixed-content issues

[minecrafter]

• Gitea version (or commit ref): 1.0.1
• Git version: 2.7.4
• Operating system: Ubuntu 16.04 LTS
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL): https://try.gitea.io/gitea/gitea
  • No
  • Not relevant
• Log gist:

Description

Gitea can still serve mixed-content pages, even with SSL. This is most pronounced with images being loaded over an insecure connection.

This can be solved by integrating a solution similar to camo (GitHub uses this) into Gitea.

In addition to security, it also provides a privacy benefit for users if the install is public.

---

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[thehowl]

If we're embedding a camo server into gitea, I'd like to say go-camo is a thing and we could get most stuff from that: https://github.com/cactus/go-camo

[tboerger]

go-camo makes sense, we don't want to reinvent the wheel

[lunny]

Anyone would like to send a PR to fix this?

[lunny]

Move this to v1.2 since no PR to send.

[6543]

is there any progress?

[lunny]

Nobody are working on this.

[6543]

@lunny
can we do this onto 1.10.0?
i think it only afects the markdown parts of gitea?
which files are these so i'll have a look at it

and mean lable kind/securety also privacy ?
because i think this is also a privacy concerne ...

[6543]

to discust:

should we replace the src url of img nodes after blackfriday process the markdown

or

replace ![*]($url) with ![*]($camourl/$url) ?