Config option to use https://secure.gravatar.com
|Assignee:||Eric Davis||% Done:|
|Category:||Accounts / authentication|
IE no gives an error message when redmine is used over ssl saying somethin like "unencrypted items are on this page, do you want to continue" If redmine could have a switch to let is use https://secure.gravatar.com, this would be fixed.
Do not automaticly detect https because redmine will probably be used often in a proxy setup.
If I have time, I'll create a patch
#5 Updated by Eric Davis about 9 years ago
- Status changed from New to Closed
- Target version set to 0.9.0
- % Done changed from 0 to 100
- Resolution set to Fixed
#6 Updated by aruseni magiku over 6 years ago
Eric Davis wrote:
It looks like (according to app/helpers/application_helper.rb, Redmine 1.4.3) the SSL option is set depending on the protocol that is used to access a web page (so it will be SSL if you open the web page via HTTPS), not on the Protocol setting (which is used for adding links to the email notifications).
In my case, I needed to add proxy_set_header X-Forwarded-Proto https; to the nginx config (without this header Redmine considered the requests as HTTP requests and avatars were loaded via HTTP, although the rest of the content was loaded through HTTPS).
Alternatively (if the same configuration is used for both HTTP and HTTPS), one would add:
proxy_set_header X-Forwarded-Proto $scheme;