[Issue]: 10.7.7 grabs covers from tmbd over http, not https #3407

New Issue

Closed

opened 2026-02-06 23:14:40 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-06 23:14:40 +03:00

Owner

Copy Link

Originally created by @lgrn on GitHub (Nov 29, 2021).

Please describe your bug

When clicking "Identify" on an object and putting in some search terms to grab covers etc. the search results (class="cardImageContainer coveredImage") are a mix of HTTP and HTTPS URLs for the images, seemingly dependent on the source. This causes all images (in my case) served over HTTP not to show, as the connection to the Jellyfin instance is over HTTPS and presumably mixed content isn't allowed.

By right clicking the empty space where the poster should be, choosing "Inspect" and changing the URL to one using HTTPS, the poster shows up. Here's an example of an "incorrect" one:

<div class="cardImageContainer coveredImage"
style="background-image:url('http://image.tmdb.org/t/p/original/foo.jpg');">
</div>

Changing to https in the background-image:url makes it show up fine.

This only seems to affect images from TMDB, images from "The Open Movie Database" seem to be HTTPS by default and work fine.

Is there a server-side setting here that I'm missing causing this, or could this be improved so that all covers (where it works) are grabbed over HTTPS?

Jellyfin Version

10.7.7

if other:

No response

Environment

No response

Jellyfin logs

No response

FFmpeg logs

No response

Please attach any browser or client logs here

No response

Please attach any screenshots here

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Originally created by @lgrn on GitHub (Nov 29, 2021). ### Please describe your bug When clicking "Identify" on an object and putting in some search terms to grab covers etc. the search results (`class="cardImageContainer coveredImage"`) are a mix of HTTP and HTTPS URLs for the images, seemingly dependent on the source. This causes all images (in my case) served over HTTP not to show, as the connection to the Jellyfin instance is over HTTPS and presumably mixed content isn't allowed. By right clicking the empty space where the poster should be, choosing "Inspect" and changing the URL to one using HTTPS, the poster shows up. Here's an example of an "incorrect" one: ``` <div class="cardImageContainer coveredImage" style="background-image:url('http://image.tmdb.org/t/p/original/foo.jpg');"> </div> ``` Changing to https in the `background-image:url` makes it show up fine. This only seems to affect images from TMDB, images from "The Open Movie Database" seem to be HTTPS by default and work fine. Is there a server-side setting here that I'm missing causing this, or could this be improved so that all covers (where it works) are grabbed over HTTPS? ### Jellyfin Version 10.7.7 ### if other: _No response_ ### Environment _No response_ ### Jellyfin logs _No response_ ### FFmpeg logs _No response_ ### Please attach any browser or client logs here _No response_ ### Please attach any screenshots here _No response_ ### Code of Conduct - [X] I agree to follow this project's Code of Conduct

OVERLORD added the bug label 2026-02-06 23:14:40 +03:00

OVERLORD closed this issue 2026-02-06 23:14:42 +03:00

OVERLORD referenced this issue 2026-02-07 06:03:19 +03:00

[PR #3407] [MERGED] .gitignore: ignore jellyfin-web symlink & .vscode: dotnet telemetry optout #9503

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release-10.11.z

renovate/skiasharp-monorepo

JPVenson-patch-1

renovate/morestachio-5.x

release-10.9.z

openapi-cache

release-10.10.z

explicit-load

explicit-load-v2

feature/entity-framework

only-count-folder-item

fix/ci-workflow-refactor

release-10.8.z

release-10.7.z

EraYaN-add-management-interface

release-10.6.z

release-10.5.z

release-10.4.z

release-10.3.z

release-10.2.z

release-10.1.0

v10.11.6

v10.11.5

v10.11.4

v10.11.3

v10.11.2

v10.11.1

v10.11.0

v10.11.0-rc9

v10.11.0-rc8

v10.11.0-rc7

v10.11.0-rc6

v10.11.0-rc5

v10.11.0-rc4

v10.11.0-rc3

v10.11.0-rc2

v10.11.0-rc1

v10.10.7

v10.10.6

v10.10.5

v10.10.4

v10.10.3

v10.10.2

v10.10.1

v10.10.0

v10.9.11

v10.9.10

v10.9.9

v10.9.8

v10.9.7

v10.9.6

v10.9.5

v10.9.4

v10.9.3

v10.9.2

v10.9.1

v10.9.0

v10.8.13

v10.8.12

v10.8.11

v10.8.10

v10.8.9

v10.8.8

v10.8.7

v10.8.6

v10.8.5

v10.8.4

v10.8.3

v10.8.2

v10.8.1

v10.8.0

v10.8.0-beta3

v10.8.0-beta2

v10.8.0-beta1

v10.8.0-alpha5

v10.8.0-alpha4

v10.8.0-alpha3

v10.8.0-alpha2

v10.8.0-alpha1

v10.7.7

v10.7.6

v10.7.5

v10.7.4

v10.7.3

v10.7.2

v10.7.1

v10.7.0

v10.7.0-rc4

v10.7.0-rc3

v10.7.0-rc2

v10.7.0-rc1

v10.6.4

v10.6.3

v10.6.2

v10.6.1

v10.6.0

v10.5.5

v10.5.4

v10.5.3

v10.5.2

v10.5.1

v10.5.0

v10.4.3

v10.4.2

v10.4.1

v10.4.0

v10.3.7

v10.3.6

v10.3.5

v10.3.4

v10.3.3

v10.3.2

v10.3.1

v10.3.0

v10.3.0-rc2

v10.3.0-rc1

v10.2.2

v10.2.1

v10.2.0

v10.1.0

v10.0.1

v10.0.0

v10.0.2

v3.5.2-5

Labels

Clear labels

EFjellyfin.db

area:database

awaiting-feedback

backend

blocked

breaking change: web api

bug

build

ci

confirmed

discussion needed

dotnet future

downstream

duplicate

enhancement

feature

future

github-actions

good first issue

hdr

help wanted

invalid

investigation

librarydb

live-tv

lyrics

media playback

music

needs testing

nuget

performance

platform

pull-request

Mirrored from GitHub Pull Request

question

regression

release critical

requires-web

roadmap

security

security

stale

support

syncplay

ui & ux

upstream

wontfix

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/jellyfin#3407