• Gitea version (or commit ref): 1.0.1
• Git version: 2.7.4
• Operating system: Ubuntu 16.04 LTS
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL): https://try.gitea.io/gitea/gitea
  • No
  • Not relevant
• Log gist:

Description

Gitea can still serve mixed-content pages, even with SSL. This is most pronounced with images being loaded over an insecure connection.

This can be solved by integrating a solution similar to camo (GitHub uses this) into Gitea.

In addition to security, it also provides a privacy benefit for users if the install is public.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.