0
1

[–] foxlet 0 points 1 points (+1|-0) ago  (edited ago)

Simple being hosted off-site doesn't mean that it will suffer from it, that's a problem with whoever set up CSS for that sub, since there is nothing preventing the use of HTTPS URLs in CSS. I would try PM'ing mods of such subverses to change their hosting or fix the url references.

As an example, /v/foxes has no issues with that (top hero banner as an example), since all outside resources are obtained via HTTPS.

0
0

[–] 10000000000000000000 0 points 0 points (+0|-0) ago 

What's the potential risk for images hosted on an HTTP site? If you upload an image to imgur, I believe it sets them to HTTP by default. How insecure is it? (serious questions)

0
1

[–] CptCmdrAwesome [S] 0 points 1 points (+1|-0) ago 

From https://developer.mozilla.org/en-US/docs/Security/MixedContent

If the HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted: the unencrypted content is accessible to sniffers and can be modified by man-in-the-middle attackers, and therefore the connection is not safeguarded anymore. When a webpage exhibits this behavior, it is called a mixed content page.