Suddenly, as of the last day or so, all the images in my layout build thread (https://cs.trains.com/mrr/f/11/t/278638.aspx) are showing up as broken links in Chrome and Edge. Firefox works fine.
When I click on the "broken" links the image opens up, which seems to indicate that the link isn't the problem.
Is anyone else seeing the same thing? Any idea what may be causing it, and what can be done to fix it?
I'm seeing the same thing in a lot of threads, but not all of them. ???
Mark P.
Website: http://www.thecbandqinwyoming.comVideos: https://www.youtube.com/user/mabrunton
Could be the same "bug" that has snarled video links?
Ricky W.
HO scale Proto-freelancer.
My Railroad rules:
1: It's my railroad, my rules.
2: It's for having fun and enjoyment.
3: Any objections, consult above rules.
What bug is that? I haven't heard about that one.
PruittWhat bug is that?
Henry
COB Potomac & Northern
Shenandoah Valley
PruittSuddenly, as of the last day or so, all the images in my layout build thread (https://cs.trains.com/mrr/f/11/t/278638.aspx) are showing up as broken links in Chrome and Edge. Firefox works fine.
Mark, I just checked and the images appear normal.
I use Edge.
York1 John
Google Chrome and Microsoft Edge have started blocking insecure (http, not https) data by default. Your personal website is http only, so the images are blocked. My install of Firefox allows non-https content, but I can't recall if that's the default or if I set it. Chrome and Edge at least tell me the default is blocked.
You can change the site permissions in the browser to allow insecure content for cs.trains.com, and then you get a scary red "Not secure" warning by the url and the images load.
Most of the photos posted via sharing sites use https, so don't exhibit the problem.
AEP528Google Chrome and Microsoft Edge have started blocking insecure (http, not https) data by default. Your personal website is http only, so the images are blocked. My install of Firefox allows non-https content, but I can't recall if that's the default or if I set it. Chrome and Edge at least tell me the default is blocked. You can change the site permissions in the browser to allow insecure content for cs.trains.com, and then you get a scary red "Not secure" warning by the url and the images load. Most of the photos posted via sharing sites use https, so don't exhibit the problem.
I have no trouble accessing my site directly. And why would clicking on the links bring the images up?
Any idea how to change the setting in Edge so I can see the images in the threads? I have no idea how to do that.
It works going to your site directly because it's not mixed http/https content. Google and Microsoft probably announced their plans to make the change, but us mere users generally have no idea until something doesn't work.
With cs.trains.com loaded (it can be anywhere in the forums) click the lock icon next to the url, then "Permissions for this site". That will open up a settings page in Edge. Find the setting for "Insecure content" and change the dropdown to Allow.
Reload the site and your images should appear.
For Chrome users, it's "Site settings" and "Insecure content" and "Allow", for Firefox users it's "Protection settings" and "HTTPS-Only Mode" then "Don’t enable HTTPS-Only Mode"
Thanks AEP528!
That worked.
When these bozos change settings like that, when you open the browser it should tell you, plus tell you how to reset whatever they changed.
You can edit your post and select Source Code <> and add the 's' to where it says 'http' so it now says 'https'
Most browsers will not show insecure (ie: http) content, nor should they. It can be a serious security issue.
My Build Thread: https://cs.trains.com/mrr/f/11/t/185298.aspx
Follow me on Instagram: https://instagram.com/stephenkingsmaine
AEP528 With cs.trains.com loaded (it can be anywhere in the forums) click the lock icon next to the url, then "Permissions for this site". That will open up a settings page in Edge. Find the setting for "Insecure content" and change the dropdown to Allow. Reload the site and your images should appear. For Chrome users, it's "Site settings" and "Insecure content" and "Allow", for Firefox users it's "Protection settings" and "HTTPS-Only Mode" then "Don’t enable HTTPS-Only Mode"
It is NOT a good idea to allow insecure content. There is a reason that they no longer display insecure content. By allowing it, you are leaving yourself open to cyber attack. My day job (30+ years) is Cyber Security.
Aralai You can edit your post and select Source Code <> and add the 's' to where it says 'http' so it now says 'https'
He's using a personal website that doesn't support https. While I agree that using http is problematic, figuring out how to get a certificate and install it isn't exactly the easiest thing.
AEP528 He's using a personal website that doesn't support https. While I agree that using http is problematic, figuring out how to get a certificate and install it isn't exactly the easiest thing.
That makes sense. Temporarily allowing insecure content will resolve the issue for now, but Google & Firefox will not be allowing that option for the long term, so ensuring that websites are upgraded to https is going to be needed at some point very soon. I get that it is a royal pain in the butt, especially for non technical folks, but unfortunately they need to address malware payloads that can take advantage of insecure sites and content.
I went through that with some of my older sites recently and it can be a pain. A decent hosting company will have support to make the change though.
Aralai It is NOT a good idea to allow insecure content. There is a reason that they no longer display insecure content. By allowing it, you are leaving yourself open to cyber attack. My day job (30+ years) is Cyber Security.
That's not a completely true statement. HTTPS does nothing to prevent cyber attacks. Malware can just as easily come over a secure connection as an insecure one. In fact, most phishing and scams intentionally use properly signed certificates for just that reason. What it does is prevent the reading of data in transit, with the main pupose to prevent theft of personal information.
AEP528 That's not a completely true statement. HTTPS does nothing to prevent cyber attacks. Malware can just as easily come over a secure connection as an insecure one. In fact, most phishing and scams intentionally use properly signed certificates for just that reason. What it does is prevent the reading of data in transit, with the main pupose to prevent theft of personal information.
Good point and that's true. I guess my concern was more that it's not good practice to allow insecure content without understanding the risks. It's probably not a huge issue here with images and youtube videos - more so if you are using logons and passwords that could be intercepted and used to compromise you.
It's the same as using a public wifi at Starbucks or an Airport. If you are not using https and better yet a secure VPN, you are open to your data being stolen.