Feature #2718

Config option to use https://secure.gravatar.com

Added by Pim Snel almost 9 years ago. Updated over 5 years ago.

Status:ClosedStart date:2009-02-11
Priority:NormalDue date:
Assignee:Eric Davis% Done:

100%

Category:Accounts / authentication
Target version:0.9.0
Resolution:Fixed

Description

IE no gives an error message when redmine is used over ssl saying somethin like "unencrypted items are on this page, do you want to continue" If redmine could have a switch to let is use https://secure.gravatar.com, this would be fixed.

Do not automaticly detect https because redmine will probably be used often in a proxy setup.

If I have time, I'll create a patch

Associated revisions

Revision 2832
Added by Eric Davis over 8 years ago

Upgraded the gravatar plugin from http://github.com/woods/gravatar-plugin

This will update the gravatar.com url (#2921) and provide support for SSL
gravatars (#2718).

Revision 2833
Added by Eric Davis over 8 years ago

Enable SSL gravatars when Redmine is using https. (#2718)

History

#1 Updated by Nicolas Gauthier over 8 years ago

+1

#2 Updated by Dan Cameron over 8 years ago

+1 I had to hack the existing plugin.

also, an option to set the default gravatar would be good too.

#3 Updated by Dan Cameron over 8 years ago

Sorry, in my opinion this should be issued as a bug.

#4 Updated by Eric Davis over 8 years ago

  • Assignee set to Eric Davis

Instead of an option, I think it would be best to autodetect if Redmine is running with SSL and dynamically change the url. I'll take this issue since I need to do some work in the Gravatar section anyways.

#5 Updated by Eric Davis over 8 years ago

  • Status changed from New to Closed
  • Target version set to 0.9.0
  • % Done changed from 0 to 100
  • Resolution set to Fixed

I ended up upgrading the gravatar plugin which included SSL support. So now Redmine will use the secure gravatars when the the protocol setting is set to https.

#6 Updated by aruseni magiku over 5 years ago

Eric Davis wrote:

I ended up upgrading the gravatar plugin which included SSL support. So now Redmine will use the secure gravatars when the the protocol setting is set to https.

It looks like (according to app/helpers/application_helper.rb, Redmine 1.4.3) the SSL option is set depending on the protocol that is used to access a web page (so it will be SSL if you open the web page via HTTPS), not on the Protocol setting (which is used for adding links to the email notifications).

In my case, I needed to add proxy_set_header X-Forwarded-Proto https; to the nginx config (without this header Redmine considered the requests as HTTP requests and avatars were loaded via HTTP, although the rest of the content was loaded through HTTPS).

Alternatively (if the same configuration is used for both HTTP and HTTPS), one would add:

proxy_set_header X-Forwarded-Proto $scheme;

Also available in: Atom PDF