Page MenuHomeMiraheze

Whitelist postimages.org & imgbb.com (& their domains) for image display
Open, NormalPublic

Description

Please whitelist postimages.org & imgbb.com which are image hosters.
Images can't be showed even if "Allow External Images" is checked in the wiki configuration because of your CSP which sites not on the whitelist will be denied access.

The following whitelist entries are required:
'postimages.org'
'*.postimages.org'
'postimgs.org'
'*.postimgs.org'
'postimg.cc'
'*.postimg.cc'
'imgbb.com'
'*.imgbb.com'
'simgbb.com'
'*.simgbb.com'
'ibb.co'
'*.ibb.co'

Sample image links:

Event Timeline

Zppix added a subscriber: Zppix.

Requesting security review.

It has not been resolved yet. Those two image hosting sites haven't been whitelisted.

They are popular image hosters which are within the top 5,000 sites according to Alexa.
https://www.alexa.com/siteinfo/postimg.cc #4,865 (owned by postimages.org)
https://www.alexa.com/siteinfo/ibb.co #2,075 (owned by imgbb.com)

The following whitelist entries are required:
'postimages.org'
'*.postimages.org'
'postimgs.org'
'*.postimgs.org'
'postimg.cc'
'*.postimg.cc'
'imgbb.com'
'*.imgbb.com'
'simgbb.com'
'*.simgbb.com'
'ibb.co'
'*.ibb.co'

I don't think these will be added:

These just redirect to postimages.org:

'postimgs.org'
'*.postimgs.org'
'postimg.cc'
'*.postimg.cc'

These just redirect to imgbb.com:

'simgbb.com'
'*.simgbb.com'
'ibb.co'
'*.ibb.co'

As for these, what is the purpose you need both wildcard and root domain?

'postimages.org'
'*.postimages.org'
'imgbb.com'
'*.imgbb.com'
Universal_Omega claimed this task.

No response. Please reopen task if still needed. Thanks!

Revival reopened this task as Open.EditedMon, Apr 19, 12:02

I don't think these will be added:

These just redirect to postimages.org:

'postimgs.org'
'*.postimgs.org'
'postimg.cc'
'*.postimg.cc'

These just redirect to imgbb.com:

'simgbb.com'
'*.simgbb.com'
'ibb.co'
'*.ibb.co'

So sorry for late reply. The other domains need to be whitelisted too because those sites will also put many images on their respective domains.

Sample image links of postimages.org
https://postimgs.org/img/plugins/smf2_1.png
https://i.postimg.cc/DzK54CMz/image.png

Sample image links of imgbb.com
https://simgbb.com/images/logo.png
https://i.ibb.co/s9QQXyH/image.png

As for these, what is the purpose you need both wildcard and root domain?

'postimages.org'
'*.postimages.org'
'imgbb.com'
'*.imgbb.com'

If you just whitelist the root domain, it won't work on their sub-domains. That's why you need to whitelist their sub-domains too.
FYI I explained why whitelisting subdomains is necessary in a previous comment.
https://phabricator.miraheze.org/T5614#121433