How can I let users of my website continually change the content of an image file with redirects and URL masking?

tldr: how do I redirect an https hosted image to show an image hosted on an http (non-cert) site, make sure my site/link is always the one in the address bar, and do it many times in a row without relying on .htaccess because it would be better if I did not.

I am creating a website whose purpose is to host the file image.png and let users who visit the site change what image the file shows. I do not want worry about uploads/hosting the images myself, so I am trying to do it by letting them paste a direct link to an image into a form, and then redirect image.png to that link input.

My questions are:

  • How can I let users of my website continually update that redirect and mask it behind the plain old image.png URL?
  • How do I pull a non-HTTPS hosted image into an HTTPS site?
  • Is there an easier/better/safer way of doing this?

The important points are that:

  1. When a user visits a page with image.png on my site, they will see the last target image any user set as the new redirect.
  2. When a user visits https://www.example.com/image.png directly, they see the target image without the redirect shown in the address bar (that is, the bar still says image.png, this may be impossible, but I'm not sure)
  3. Any direct image link can work. From non-SSL sites with easy URLs to stuff like "https://lh3.googleusercontent.com/edce5WRyt7jd4J5pL6DUeneeBJISxsE-jgYLiiajEdrvUP_oXFbkK9CJWSQAIbO0X_UbMhP1tOrl-VPpUVU3qb5C823i_jI3eOZi8Q=s550" basically I don't expect users to find particularly friendly links because I want them to be able to throw whatever they want into it.

Here is my approach:

I am currently trying to solve this through the .htaccess file and mod_rewrite. It's the first time I'm dealing with apache and I am running into 3 problems:

  1. Redirect URLs from non-https sites break the image.
  2. While the image appears as image.png on hover and in the page source, loading example.com/image.png directly shows the redirected URL in the address bar.
  3. Continuously updating .htaccess (probably through PHP or AJAX) with user input sounds like a horrible idea with huge security/breakage risk.

Here is the current HTML, just a simple image tag, shows the image.png that is hosted on the site, which we want to change to a picture of a dog:

<img src="/image.png" alt="picture" style="max-width: 100%;">

Here are two examples of rewrite rules I have tested in my .htaccess file. I only ever need to redirect one link, so the logic is pretty straightforward at the moment.

HTTPS Links: This first example finds image.png and replaces it with a direct link to a photo of a dog from https site Chewy.com. It works in that you load the site and see the picture of the dog but it does not work in that if you visit image.png directly you will just be redirected completely to the original file on Chewy's server, address bar and all.

RewriteEngine on
RewriteRule ^image.png https://cms-www.chewy.com/contentAsset/image/5d711871-420a-4a49-8523-cfdd1da16389/fileAsset/byInode/1/filter/Resize,Jpeg/jpeg_q/100/resize_w/240/resize_h/240/PET-TILES-Deal-FlagsDog-2x.jpg [R=302]

HTTP Links: This first example finds image.png and replaces it with a direct link to a photo of a dog from an un-certified http site I run. It does not work in both cases. It loads a broken image icon and does not mask the URL (ie. it fully redirects) when loaded directly.

RewriteEngine on
RewriteRule ^image.png http://lratioybbetter.com/dog.png [R=302]

Any help is greatly appreciated!

How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum