If a site is not on HTTPS, Chrome version 56+ will mark it as “not secure” for passwords. vBulletin needs image proxy to make thread pages as HTTPS
If a site is not on HTTPS, Chrome version 56+ will mark it as “not secure” for password and other sensitive information fields.
I have moved Go4Expert from vBulletin to Xenforo and has changed it over to HTTPS but vBulletin 3.x and vBulletin 4.x will have a hard time moving over to HTTPS.
You can make the design that includes CSS and JS and images change fairly easily but the issue will be for user content where images are embedded from other non-HTTPS based site.
The solution in vBulletin
I am not developing add-ons for vBulletin anymore and so will not be able to share the complete working solution for it but here is an addon for vBulletin 4.1.x but let me also outline what needs to be done.
The solution is in two parts.
Part 1: Proxy PHP Script for Images
Here is a sample PHP proxy code using curl that can be used in vBulletin to route image embed URLs in posts through this proxy.
Part 2: Route IMG Tag to use Proxy for non-secure Images
For non secure IMG urls, override the final url of the image to route through the above proxy. Make sure you are using the same secure salt and hashing to avoid any hacking attempts using the proxy.
Hook bbcode_img_match and add the following code
Above code assumes that you have uploaded the image proxy file to the server and named it as imgproxy.php at the root of the domain.
Can even put the $salt variable in config.php.
Note that I have not used vBulletin’s bburl option to build image url because if you don’t have HTTPS in bburl, it can cause issues.
Further Reading …