0

HTTPS images

I'm starting to move my client websites to HTTPS. Is it possible to use that in the image URLs? I tried it on one and got a security warning. For example: This works: HTTP://cdnparap110.paragonrels.com/Pa...
Same URL, but with an 'S': HTTPS://cdnparap110.paragonrels.com/P...

Thank you,

birchstudio
asked 2016-03-01 15:48:48 -0500
bwolven
updated 2016-04-19 19:21:50 -0500

6 Answers

1

Alright - I tried to comment but it pulled my link and now I can't see the post at all so let's try this posting as an answer:

We need an answer to HTTPS and we need it now. Google is expanding the insecure content warnings in Chrome to include all forms on sites in HTTP. You'll find the announcement on their blog at https://blog.chromium.org/2017/04/nex.... I warned about this in my initial post back in February but I'm done waiting now.

We need a timeline and it better be before October when those warnings start firing out. If I haven't heard from you with a solid deadline by the 14th of May I'll be working with our client to switch systems and I'd advise others who may read this post to do the same.

Honestly - the warnings issue is bad enough but this is clearly something that's coming up repeatedly in requests and is negatively impacting your clients and the lack of action on it just isn't OK. I think I heard some time ago you're testing it but that's it - no word on how that's going or when the rest of us can expect it.

beanstalkim
answered 2017-05-04 09:44:26 -0500
0

For fun, try to post a page that is SSL with mixed content in a Facebook post. On mobile devices, through the Facebook app, when you go to the page the insecure content is stripped. It really isn't that hard to implement SSL on your existing servers. For us it is a TON of overhead processing to dl to AWS.

berksites
answered 2017-08-14 08:58:38 -0500
0

Great question, and I'm not sure of the answer. I'm checking with our Development and Network Operations teams to see what our options are.

9 March 2016 - UPDATE I spoke with our Development and Network Operations teams, and we do not have HTTPS support currently. We're reviewing the capability, but do not have a definitive timeline for implementation at this time.

12 May 2017 - UPDATE We are still working on the necessary steps to provide SSL for image servers. We support hundreds of customers, and millions of images. There are many pieces which have to be in alignment, before we can enable SSL for images.

20 June 2017 - UPDATE Want to let you all know we are still working on implementing SSL for images. We understand the impact this has on you, and your sites. We have a lengthy process to follow in order to enable SSL for the image servers and our CDN. I do not have a specific date for delivery, but we are definitely moving forward.

13 July 2017 - UPDATE Please do not post or discuss unsupported, unadvised workaround hacks to get SSL images. We will continue to delete comments of this nature.

We are in the process of procuring SSL certificates to support SSL Images on Amazon AWS. Direct connect to the AWS / CloudFront URL is not supported, and will likely result in incorrect / old images. Furthermore, we are testing SSL Images in our QA environment, with promising results.

2017-09-27 - UPDATE: We have started the process of adding HTTPS image support to each of our CDN environments and it should be enabled on all environments by 10/11/2017.

2017-10-11 - UPDATE: HTTPS image support is now enabled for all Paragon RETS environments using the CDN. You can change any CDN image URL with domain "cdn*.paragonrels.com" to HTTPS for secure images. Thank you for your patience.

vendorsupport
answered 2016-03-01 17:13:29 -0500
bwolven
updated 2017-10-11 15:09:12 -0500
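
The URL change described in the final update above, as an added example that is not part of the original answer and is not Paragon's code. It upgrades `http://` image sources on hosts matching "cdn*.paragonrels.com" and lists any other `http://` image sources that would still cause mixed-content warnings; the reading of the wildcard and the sample paths are assumptions.

```javascript
// Added example, not Paragon's code. Assumption: "cdn*.paragonrels.com" means
// one host label beginning with "cdn" directly under paragonrels.com.
const CDN_HOST = /^cdn[a-z0-9-]*\.paragonrels\.com$/i;

// Upgrade http:// <img> sources on the CDN to https:// and report any other
// http:// image sources, which would still trigger mixed-content warnings.
function upgradeCdnImageUrls(html) {
  const upgraded = [];
  const stillInsecure = [];
  const out = html.replace(
    /(<img\b[^>]*?\ssrc\s*=\s*)(["'])(.*?)\2/gi,
    (match, prefix, quote, src) => {
      const raw = src.trim();
      let url;
      try {
        url = new URL(raw); // throws for relative URLs, which follow the page scheme
      } catch (err) {
        return match;
      }
      if (url.protocol !== 'http:') return match;
      if (!CDN_HOST.test(url.hostname)) {
        stillInsecure.push(raw); // other or lookalike host: leave for manual review
        return match;
      }
      const fixed = 'https://' + raw.slice('http://'.length);
      upgraded.push(fixed);
      return prefix + quote + fixed + quote;
    }
  );
  return { html: out, upgraded, stillInsecure };
}

// Constructed sample markup; the paths are made up for illustration.
const SAMPLE_HTML = [
  '<img src="HTTP://cdnparap110.paragonrels.com/constructed/1.jpg">',
  "<img alt='x' src='http://images.example.net/constructed/2.jpg'>",
  '<img src="http://cdn1.paragonrels.com.example.net/constructed/3.jpg">',
  '<img src="/local/4.jpg">',
].join('\n');

const result = upgradeCdnImageUrls(SAMPLE_HTML);
console.log(result.upgraded, result.stillInsecure);
```

The host pattern is anchored at both ends, so a lookalike such as the third sample URL is reported rather than rewritten.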

Comments

Would it be possible to have an update on this feed once there's any progress? We're also interested in this option.

Amine Saidane (2016-04-19 22:25:22 -0500)

Agreed, would be great to have a timeline for this. Currently it's impossible to take advantage of the CDN-served images on encrypted pages without users getting mixed content warnings.

positivejam (2016-09-19 12:11:09 -0500)

Any update on this? This is a major issue. As an SEO it is a nightmare to either have a client have to fully redevelop their site to host their own images or take the SEO hit when it really isn't that hard to support a secure cert.

beanstalkim (2017-02-15 23:27:09 -0500)

A couple points of reference on the importance:

Google's blog calling it a ranking factor - https://webmasters.googleblog.com/201...

Chrome security warnings - https://security.googleblog.com/2016/...

beanstalkim (2017-02-15 23:29:13 -0500)

It's absolutely imperative that this become a priority ASAP. Google encourages SSL and modern browsers are strict with mixed-content issues. Paragon MLS is using Amazon CloudFront CDN which makes it easy to add custom domain SSL. See: https://aws.amazon.com/cloudfront/cus....

dsinc (2017-05-11 10:58:58 -0500)

This is absolutely silly. What can possibly be the issue here? With Let's Encrypt, one can even get a free certificate. No reason to wait a day longer. Maybe if there was some sort of explanation to what the big problem of getting a certificate is, we could help you.

briansullivan (2017-05-12 08:03:29 -0500)

Good point Bryan. @vendorsupport - if your team can't figure this out just tell us why. In many cases you'll be talking to some solid developers or people like me who have worked in hosting (which is why we're all so frustrated - none of us understand the holdup because we know what's involved).

beanstalkim (2017-05-12 09:06:51 -0500)

14 MAY UPDATE - The number of images really isn't the issue, the solution is the same for all of them. And it's literally been years since Google's told us it's important and now we're told there will be warnings coming to our forms without HTTPS. Will it be done by then? We NEED to know and now.

beanstalkim (2017-05-14 09:26:13 -0500)

Do not point directly to the Cloud Front version of the URL. Images are not guaranteed to be up to date. This method is not supported, and will likely result in improper / old images. We are still working on SSL support for images, and are currently testing the functionality in our QA environment.

vendorsupport (2017-07-13 09:48:17 -0500)

You guys are killing me with this. You have other MLSs where you have done this in other parts of the country. Why can you do it for some and not others? Funny that Zillow doesn't seem to have a problem getting photos, only local companies.

anna35 (2017-07-15 06:19:03 -0500)

Simply put, not good enough! I think we are wasting our time trying to get anything done here. The MLS, mine is NEREN, needs to know how serious an issue this is. The best way to do that is write an email that explains the problem, send to our clients. When they lose ranking, blame Paragon and MLS

bscdata (2017-07-16 10:27:57 -0500)

Since my first workaround was shot down, here's another that I have used. Have a PHP script on your server that you call by HTTPS. That script does a CURL to get the image insecurely on the server side then echoes out an image/jpeg header and the contents of the CURLed file.

weezer311 (2017-07-19 09:12:42 -0500)

Really? "Don't post workarounds" is your reply to us trying to sort out a problem ourselves that you're not communicating on properly and not explaining why you can't seem to pull it off when so many of us have worked in similar environments and don't understand the difficulty. Really?

beanstalkim (2017-08-15 08:33:56 -0500)

So ... now Google's going to be sending HTTP warnings. Who saw that coming? Oh wait - see my past messages and our past collective complaints. I'll be pointing my clients to this thread. Expect some calls and lost clients if you don't get this sorted NOW - http://selnd.com/2uZR4ik

beanstalkim (2017-08-18 22:23:34 -0500)

This is ridiculous. Paragon has this implemented for other states outside of NEREN that they service. This is unacceptable and as a collective we should be letting NEREN board know this is a HUGE problem. If you are part of NEREN please contact them about this otherwise nothing will get done

anna35 (2017-08-18 22:28:58 -0500)

If Paragon's servers are under their total control, implementing SSLs should be a trivial matter as is our experience unless Paragon's technical skills are still at the novice level or that Paragon does not control their own servers. In either case, one must question why NEREN chose this vendor

dcgllc (2017-08-19 15:03:15 -0500)

The last time vendorsupport responded was 2 months ago on July 16th. I am going to call NEREN on Monday and I am asking the other developers to do the same. We can always host the images on our server, and the issue will be bandwidth which is already slow getting even slower. They need to fix it

bscdata (2017-08-19 18:07:10 -0500)

Maybe the problem is that we're all complaining and discussing the issue in this forum since we all know it's not the difficulty of the task. Perhaps if we all discussed this situation more publicly on real estate dev sites, Twitter, etc. something might get done.

beanstalkim (2017-09-15 08:27:55 -0500)
0

It used to work for me if I changed the URL to have https://.

Recently that has stopped working because of the SSL error: "cdnparap110.paragonrels.com uses an invalid security certificate. The certificate is only valid for the following names: cloudfront.net, *.cloudfront.net "

By default CloudFront offers an SSL version of the URL under their domain: "By default, you can deliver your content to viewers over HTTPS by using your CloudFront distribution domain name in your URLs, for example, https://dxxxxx.cloudfront.net/image.jpg. If you want to deliver your content over HTTPS using your own domain name and your own SSL certificate, you can use one of our Custom SSL certificate support features." (https://aws.amazon.com/cloudfront/cus...)

If I knew what that dxxxxx was I could rewrite the URL to contain that.

weezer311
answered 2017-07-12 09:20:39 -0500
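
Why the browser rejects the certificate quoted in the answer above, as an added example that is not part of the original post. It implements a simplified version of certificate name matching and runs it against the two names from the error message; `*.paragonrels.com` is a hypothetical certificate name used only for contrast.

```javascript
// Added example, not from the post. Simplified RFC 6125-style matching as
// browsers apply it: "*" is honoured only as the entire left-most label and
// stands for exactly one label.
function nameMatches(pattern, host) {
  const p = pattern.toLowerCase().split('.');
  const h = host.toLowerCase().replace(/\.$/, '').split('.');
  if (p.length !== h.length) return false;
  return p.every((label, i) => {
    if (label === '*') return i === 0 && p.length > 2 && h[i].length > 0;
    return label === h[i];
  });
}

// Returns which certificate names, if any, cover the requested host.
function checkHost(host, certNames) {
  const matched = certNames.filter((name) => nameMatches(name, host));
  return { host, valid: matched.length > 0, matched };
}

// Names taken from the browser error quoted in the post.
const CLOUDFRONT_CERT = ['cloudfront.net', '*.cloudfront.net'];
// Hypothetical name a custom certificate for the vendor's domain could carry.
const CUSTOM_CERT = ['*.paragonrels.com'];

const CASES = [
  checkHost('cdnparap110.paragonrels.com', CLOUDFRONT_CERT), // the failing request
  checkHost('dxxxxx.cloudfront.net', CLOUDFRONT_CERT),       // AWS's placeholder name
  checkHost('a.b.cloudfront.net', CLOUDFRONT_CERT),          // wildcard spans one label only
  checkHost('cdnparap110.paragonrels.com', CUSTOM_CERT),
];
for (const c of CASES) {
  console.log(`${c.host}: ${c.valid ? 'ok via ' + c.matched.join(', ') : 'name mismatch'}`);
}
```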
0

Seriously, as a web developer, former web hosting company owner, the fact you guys have dragged feet on this is ridiculous. Google has given notice to these changes long ago. The realty industry is so far behind in technology. I am hoping at some point, some company of good designers/programmers comes along and creates an MLS that forces the rest of you to rethink the whole thing. Get the SSL up and stop dragging feet.

kylespringer
answered 2017-05-21 14:21:54 -0500
0

Since Paragon has failed to figure out how to implement HTTPS SSL security, we regularly download all images to our servers from Paragon RETS using Troy Davisson's PHRETS version 1.x PHP software [https://github.com/troydavisson/PHRETS] and Paragon's RETS version=rets/1.7.2 to folders named with the MLS#. Since Paragon also does not support RESO Standard Names and has also failed to translate NEREN Standard Names to Paragon's cryptic field names, we have built a translation table mapping over 250 NEREN Standard names to Paragon's cryptic field names and saving these data as required to our MySQL database. These two measures assure us total control that our HTML presentation may be either pure HTTP or HTTPS because all of the web page content [photos and copy] for every MLS# emanates from our servers rather than directly from Paragon.

dcgllc
answered 2017-07-17 11:07:23 -0500