It just means that signavatar.com is more accepting of whatever-the-imgur-URI is for the currently rotated choice, then republishes that as the 59798_v.png of the momenf on its site, in a form the Bay12 sanity checker has no problems with. (The signavatar URI is serving on plain http
Maybe there's a simple tweak in the regexp the SMF backend uses to (not) validate the imgur address (like making it m/^https?:\/\/\w+(…whatever…)$/i, if that isn't more dangerous for cross-host scripting exploits - need to research that properly). Maybe there's a better imgur URI to try that doesn't fall foul of the existing one.
But from the "does nothing for ages" I'm thinking it does like the (non-https) address, but then fails to failsafe when it pokes the source given (to check it doesn't, at least this one time, try to serve a TB-sized explicitly uncachable image, maybe?) and the source doesn't like the poke.
Perhaps the user-agent sent by the SMF backend's HTTP fetch is blacklisted now?
It wasn't originally, I presume, and once set in the those hallowed days of permissivenesz it was only ever accessed by reader's browsers providing (mostly?) unblacklisted user-agents - but on trying to update the profile settings SMF checked that field (as with all others) exactly as it was configured to before, but now with no luck due to the newer block. The increasingly DDOS-proofed imgur server (or firewall/traffic-shaper in 'front' of the cluster) is saving itself a headache by just letting the port 80 request time out if it doesn't like the request header.
How to solve that? Well, I could see a modification (or modified copy, under this case only) to the URI-test procedure to change it to pretend to be an Edge/Firefox/Chrome/whatever browser instead of whatever innocently accurate but detested agent name it has now ("SMF Test Request", maybe, instead of the silly and sometimes totally misleading-to-cadual-observers compatibility/equivalence indication strings[1] from 'true' browsers).
I could also see the straight disabling/hobbling of the fetch-test (except that it probably stops certain problems that I wouldn't advise letting through unimpeded) so that it doesn't block like that.
Possibly Tarn could manually open some of the backend files and insert the (manually OKed) URI in there, but I don't know what format (flatfile text, YAML, .db, whatever) it is stored in, it might (ought to!) be further wrapped up in salted encryption to prevent 'simple' hacking, if done wrong it could nix the whole forum... and if one person asks then loads might - and I wouldn't want to be the one responsible for sending hordes of requests his way. Especially not being familiar with running SMF myself and almost all of this being (logical, semi-educated) guess and conjecture...
So... Set up a signavatar of your own (rotate 1 of 1 forwarded imgur images)? Find a workable alternate host (keep the imgur for reference in case your new choice is short-lived)? Get Tarn to lay off DF work to update SMF to latest version that might have the coding changes needed, 'only' breaking a half dozen or so other things us forumites like, in the process?
[1] e.g. "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36 Edg/88.0.705.63"
Author
Topic: I've been unable to update my forum profile (Read 4433 times)