BernhardPosselt
commented
8 years ago Please read the first entry in the FAQ https://github.com/owncloud/news#my-browser-shows-a-mixed-content-warning-connection-is-not-secure
Closed dbenoy closed 8 years ago
BernhardPosselt
commented
8 years ago Please read the first entry in the FAQ https://github.com/owncloud/news#my-browser-shows-a-mixed-content-warning-connection-is-not-secure
dbenoy
commented
8 years ago Oh! I guess that makes sense. Okay.
When visiting the news reader via HTTPS, if it's reading from a source that references standard HTTP (or is itself standard HTTP, in the case of the favorite icon), it will directly link to unencrypted images. This causes browsers to get rid of their little green padlock and present warnings, and it exposes the potential for MITM manipulation of the page and eavesdropping on which news feeds you're subscribed to.
This could be solved by getting the news app to fetch and save images so it can serve them up itself, or proxying them on demand.