Problem With Images

[fallenmystic]

I am frequently getting an “internal server error” message. If I try a second time it goes away.

That's an equivalent of 500 error which means any problem that occurs on the server, so likely to be irrelevant to the traffic optimisation and also something difficult to debug without having access to the server logs.

P.S.: @malins I edited my post in the previous page, so you may want to see it if you have read it already.

 

[Jollyrei]

This is where l'bogo is only seeing 'dud' icons: https://www.cruxforums.com/xf/threads/news-from-margot.4343/page-35#post-553978

I am also on Firefox and I cannot reproduce this error. I get the pictures, and everything seems to work fine for me.

 

[malins]

I don't know for sure as I haven't used XenForo myself. But I suspect it could be the total queries that the server sees

Found the documentation,
It's indeed the total number of queries (not per second) to generate one page for one session.
https://xenforo.com/xf2-docs/dev/development-tools/#debug-mode

this should be deactivated because you can click on the number of the time in seconds,
and then you get detailed debug output,
(it includes my personal cruxforums ID when I look it up, so it is really per session, per page call)



that is unnecessary information disclosure
(just scroll all the way down, the complete list of included class files can be browsed, for instance in order to look for attack vectors)

At least the link to the full debug stack has a 'nofollow' attribute so search engines won't go there...

 

[fallenmystic]

I am also on Firefox and I cannot reproduce this error. I get the pictures, and everything seems to work fine for me.

You may in future, however, if what we found about the policy change is indeed the case. As mentioned in a previous post, all major browsers have been in unison in their efforts to pressure people to move to HTTPS by adopting increasingly stricter policies on less secure contents.

So if Chrome had indeed determined it's about time to block such contents entirely, we may expect similar measures taken by other browsers in future.

 

[fallenmystic]

Found the documentation,
It's indeed the total number of queries (not per second) to generate one page for one session.
https://xenforo.com/xf2-docs/dev/development-tools/#debug-mode

That is some scary looking bunch of LEFT JOINs ... I've never liked dealing with SQL, so most of the queries I have to write look much simpler.

@ImageMaker could you change the option to turn off the debug mode, as the above link describes? Currently, the forum is exposing an necessary (and potentially sensitive) information and it could be incurring some performance overhead also. So, we think it's better to disable it, if you can. Thanks!

 

[Darkprincess69]

Can anyone help, please?

I've heard from a member who is having problems seeing full-size, externally-hosted images, such as the big ones on News from Margot - he just sees 'dud' icons where the pics should be. This seems to have begun after the recent software upgrade.

There are also reports of some other external-hosted images bringing up error messages when members click on them.

Has anyone here experienced any such issues, or heard of them from other members?
(Or indeed, of any other transmission problems)

Same issue here in Firefox running on Linux;

 

[fallenmystic]

Currently, the forum is exposing an necessary (and potentially sensitive) information...

I'm amazed at what kind of typos I'm capable of making when the caffeine concentration in my blood is dangerously low

I meant "unnecessary", of course.

 

[LittleSiss]

I can reproduce this problem in Chrome on mobile. In Firefox on Mobile which is what I normally use, it doesn't happen.

Interestingly, if I press my finger down on the broken image icon, after a while I'll get a popup menu that allows me to "open image in a new tab" among other things ... and that works.

Since the images load normally in Firefox I'd assume this may be an issue with Chrome only, perhaps a recent update, and not CF as such.

I've verified just now that the problem doesn't show up on Chrome Desktop at least for me.

Chrome has always been a problem on CF.

I never use it!!!!!

 

[Jollyrei]

all major browsers have been in unison in their efforts to pressure people to move to HTTPS by adopting increasingly stricter policies on less secure contents.

So far, Furryfox has maintained the method of allowing the user to prescribe settings for how much blockage to allow, and possibly warn when content is not secure. Most of the time, there is no particular need for all this extra security anyway, as far as I can tell. Using https is not going to stop Google tracking your searches or datamining your preferences.

 

[fallenmystic]

So far, Furryfox has maintained the method of allowing the user to prescribe settings for how much blockage to allow, and possibly warn when content is not secure. Most of the time, there is no particular need for all this extra security anyway, as far as I can tell. Using https is not going to stop Google tracking your searches or datamining your preferences.

You are right, the security risks HTTPS prevent are different from those you mentioned. And I also agree that loading insecure images have only limited potential to become a real security problem. So that was why I said it's more of a nuisance than a real problem once we fixed more serious vulnerabilities by enabling HTTPS before.

That being said, I think it's quite likely that Firesquirrel will soon follow Chrome in blocking mixed contents altogether in future. To be exact, there are two different types of mixed contents which are 'active' (e.g. scripts) and 'passive' (e.g. images) ones.

And Furrysquirrel already changed its policy to block active mixed contents by default a few years ago. As I mentioned in the previous post, the internet is moving to HTTPS as a whole and there are about 10% of websites that still adhere to the old, insecure protocol.

As all the major browsers have been increasing their pressure on those site owners to adopt HTTPS (Mozilla foundation which owns Furryfox is among the board members of Internet Security Research Group which started an initiative to help people easily migrate to HTTPS) I think it's not entirely unreasonable to expect other browsers will follow Chrome's new policy regarding mixed contents in future.

 

[l'bogo]

Does this happen on other threads with embedded full size images too, or only on this one, Margot's?
As a control, use this one for comparison: https://www.cruxforums.com/xf/threads/the-soppy-sentimental-photostory-thread.8280/
Do the full-size images show or are they also just broken icons?

Your is good!
No view of any pictures in the NFM thread.

 

[fallenmystic]

Is Red Feline website owned by one of our members?

 

[malins]

Is Red Feline website owned by one of our members?

I put a note to @Margot on her thread.

 

[Eulalia]

That is some scary looking bunch of LEFT JOINs ... I've never liked dealing with SQL, so most of the queries I have to write look much simpler.

@ImageMaker could you change the option to turn off the debug mode, as the above link describes? Currently, the forum is exposing an necessary (and potentially sensitive) information and it could be incurring some performance overhead also. So, we think it's better to disable it, if you can. Thanks!

I've drawn IM's attention to that. It is way above my pay-grade. It might be helpful to know that XenForo runs a daily 'file health check' that ensures everything that should be working is, and anything that shouldn't be, isn't. Also, when the site is closed for upgrades etc., we staff can access it, but we get a message 'open in debug mode'.

 

[ImageMaker]

@ImageMaker could you change the option to turn off the debug mode

Done.

 

[fallenmystic]

Done.

Thanks much!