External linked image

prodesk 2020-07-06 17:01:34 UTC #1

Hi All !
After the last update, the images linked in the emails disappear if not linked on a secure server. In the email signatures we have links to images on our internal web server: even those disappear. Couldn’t a “white list” be set up to set up secure servers even if not https? Or could the new configuration be canceled with a parameter?
Signatures and images are generated by the email server and are not configured on Egroupware. I hope the problem occurs only between internal emails …
Thanks in advance

RalfBecker 2020-07-06 19:11:00 UTC #2

Problem is if we keep http images, the browser flags EGroupware as insecure because of the mixed content

http is dead!

Ralf

prodesk 2020-07-07 05:45:29 UTC #3

Thanks Ralf
I will look for an alternative for my images …

J_Roeleveld 2020-07-07 14:54:05 UTC #4

Ralf,
I noticed the same issue myself.
Is it possible for eGroupware to “proxy” the images and provide them directly?
Then all we need is to add an additional filter to where we can prevent eGroupware from getting images from the likes of facebook and the internet will be safer.

–
Joost

RalfBecker 2020-07-07 15:20:17 UTC #5

Hi Joos,

that is a bit like saying the mixed content warning of the browser is for no reason

It’s also risky as we make arbitrary content available under EGroupware’s origin circumventing any CSP policy.

You can simply click on allow the unsafe images, and suffer the consequences, but been warned before.

Ralf

J_Roeleveld 2020-07-07 15:23:10 UTC #6

Ralf,
Very good point.
What about via a whitelist?
Please consider this a feature-request

–
Joost

prodesk 2020-07-08 06:08:24 UTC #7

Indeed, the system is a bit too restrictive … Not all sites, even those of imported companies, have images linked on https servers and sometimes it is not possible to do anything, except to open emails in another client. The “show” and “permit” options do not seem to work.
It happened to me with emails from Eaton, Texas Instrument, SunGuard, Genius Faber, Fiam, etc.
This thing is creating problems for all colleagues.
If you could do something … apart from the “white list” it would take something to choose whether or not to activate this type of security, at least until everyone (but really everyone) will use https

RalfBecker 2020-07-08 06:54:37 UTC #8

Then this need to be fixed.

@hadi.nategh can you confirm that?

Ralf

prodesk 2020-07-08 08:55:53 UTC #9

Hi Ralf
As soon as new emails arrive I send you photos.
I can tell you that on those where I have already made the choice (show or allow) the images are not displayed and I am no longer offered the choice.

Pier

RalfBecker 2020-07-09 10:21:01 UTC #10

I implemented now a configurable proxy setting, off by default for data privacy, which can be set eg. to a proxy we provide, to proxy public accessible http pictures to https:

You can either apply that above patch to your container, or wait for the next maintenance release.

Ralf

adnanbutt050 2020-08-18 07:45:36 UTC #11

Hi @RalfBecker,

I updated the Egroupware version to 20.1 still the problem persists with the images.

My signature conains two pictures, is there any way that I can remove this blocked error message.

I got this message blocked External Image when the recepient reply to my email.

Even though I set the forced preference Allow external images: Always

Kind regards,
Adnan

RalfBecker 2020-08-18 07:49:31 UTC #12

This image has more then one problem:

http url will NOT display in a https site by your browser anymore
link contains no domain name: http:///egroupware/…
link is a webdav url which requires authentication

Ralf

adnanbutt050 2020-08-18 07:55:46 UTC #13

Hi @RalfBecker,

so there is no possiblity that I can upload an image to my signature?

I simply upload or add an image to my signature, when I sent an email the recepient get proper email with proper signature. The problem occureed whn the recepient reply to my email I got this block error message,

Adnan

RalfBecker 2020-08-18 08:02:40 UTC #14

That is not what I said!

I said the above picture can not work for multiple reasons, see my reply.

Ralf

adnanbutt050 2020-08-18 08:32:16 UTC #15

Hi @RalfBecker,

Thank you for your immediate response.

Yes, I understand actually there was a problem with the attached image,

Kind Regards,
Adnan