Have Chromium-based browsers just broken loading local images?

Description of the issue:

I have a longstanding website.
Been running it pretty much the same way and in the same place for twenty years. It’s simple old-school static HTML.

On this website, a few simple HTML pages reference and load in static images from the same server, using relative paths (local directory named file or / path). href to .png, nothing fancy.

I noticed that local images stopped loading in in recent Brave browsers. And in recent Edge. Firefox and Safari browsers are fine – I’ve checked multiple Windows computers and an iPad for this.

Brave and Edge share use of the Chromium rendering engine. So, has an upstream change in Chromium broken this simple website rendering by breaking loading in locally-referenced images? And is there something in this website’s code that triggers just Chromium-based browsers?

I’m on a terrestrial network, so I don’t believe there are any local content caches in my network interfering with image loading. Can’t speak for the server end or how Sourceforge does cloud and content pushing (I’m in Australia), but Sourceforge’s behaviour does appear to be browser-engine and rendering specific. Chromium-based engines, including Brave, have problems with this site and do not load images, Webkit-based engines do not have problems and load images just as you would expect.

Steps to Reproduce (add as many as necessary): 1. 2. 3.

Go to http://savi.sourceforge.net/ in recent Brave or in recent Edge. This will redirect to https://savi.sourceforge.io/ to give you that added https:// feeling of security, and load in /index.html (the https: redirect is Sourceforge’s idea)

Compare the results (no images from the same website load; the sourceforge logo icon at bottom is pulled from a cgi on another Sourceforge site, and loads).

Actual Result (gifs and screenshots are welcome!):

local images do not load in Brave or Edge. They do in Safari and Firefox, which are not Chromium-based. I’d upload a couple of images here if I could figure out how, but you know what a website looks like with and without images loaded. (Firefox’s bugzilla, I know how to upload images to the bug report, this one I don’t, sorry.)

Expected result:

locally-referenced images should load and render consistently across all browsers, whether they are based on Chromium (Brave, Edge) or not (Safari, Firefox)

Reproduces how often:

Now, repeatedly. But this appears to be a recent change with Edge/Brave browser updates.

Operating System and Brave Version(See the About Brave page in the main menu):

Windows 10 1809, Brave V1.19.92 (Feb 5, 2021)

  • Upgraded Chromium to 88.0.4324.152. ([#13969]

Additional Information:

I’ve spent quite a while trying to figure this one out. Help or pointers would be appreciated.

Confirmed on Brave 1.19.92 Windows 10. No images load on https://savi.sourceforge.io/, they appear as broken images. I did a force reload and images still did not load.

When I open this image directly, https://savi.sourceforge.io/savi-logo-small.png, it opens fine and I see the image. But the images do not appear in the HTML page like they should.

This seems to be the expected behavior since the savi.sourceforge.net site refuses https connects:

Mixed Content: The page at 'https://savi.sourceforge.io/' was loaded over HTTPS, but requested an insecure element 'http://savi.sourceforge.net/savi-logo-small.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

(Quote from the developer tools javascript console)

I get that sourceforge is an open source repository but security is still important isn’t it? Isn’t that the whole reason for switching to brave and the blockchain?

jek – http://savi.sourceforge.net does a redirect to https://savi.sourceforge.io/ and all subsequent requests should be to the .io site over https.

you can put in https://savi.sourceforge.io/. directly in the url bar, images still do not load.

Aha - problem was caused by legacy in headers, so images were pulled in from the insecure version of the site, which was not over https. Remove that, Brave and Edge work as they should.

Blocking loading in http images on an https site appears to be a recent change in Chromium upstream. FIrefox and Safari ie Webkit don’t do this.

thanks, all.

2 Likes

great, html tags in comments get elided because the arrow brackets don’t get translated to ampersand-gt or ampersand lt I guess if I type as character they won’t get elided as well: as chars: <> escaped: > < – that appears to be a problem with this web interface. Don’t roll your own web comments forum interface when people might have to try and write code in comments, would be my advice.

Problem was a base href tag to http://savi.sourceforge.net, causing images to be loaded in insecurely Removed that, all good. interesting that one image on another website loaded in over a secure connection – one might imagine that anything from another domain eventually doesn’t load in, because there’s some security risk…