Patch #5929
closedhttps-enabled gravatars when called over https
100%
Description
The decision to serve gravatars from the SSL-enabled links or not is currently dependent on the setting protocol in the global configuration, this should be decided per-request depending on whether the request is through SSL or not. This would also stop some browsers (IE, who else?) bickering about some parts of the page being SSL-served and others not.
Index: app/helpers/application_helper.rb
===================================================================
--- app/helpers/application_helper.rb (revision 3839)
+++ app/helpers/application_helper.rb (working copy)
@@ -772,7 +784,7 @@
# +user+ can be a User or a string that will be scanned for an email address (eg. 'joe <joe@foo.bar>')
def avatar(user, options = { })
if Setting.gravatar_enabled?
- options.merge!({:ssl => Setting.protocol == 'https', :default => Setting.gravatar_default})
+ options.merge!({:ssl => request.ssl?, :default => Setting.gravatar_default})
email = nil
if user.respond_to?(:mail)
email = user.mail
Related issues
Updated by Eric Davis about 14 years ago
How would that work if you are using Apache with SSL but proxying to Redmine via mongrel? Would mongrel see the request as ssl or plain?
Updated by Felix Schäfer about 14 years ago
If configured properly as ssl, see FAQ.
Updated by Felix Schäfer about 14 years ago
- Target version set to 1.0.2
A little more info about ActionController::Request#ssl?
: http://apidock.com/rails/ActionController/Request/ssl%3F
AFAIK this is the same method used by rails to determine if links it generates should be http or https, i.e. if redmine is behind a misconfigured reverse proxy, that won't be the only problem the user has ;-)
Updated by Eric Davis about 14 years ago
- Status changed from New to Resolved
- Assignee set to Eric Davis
- % Done changed from 0 to 100
Added in r4103. I had to add an extra check for request
, it was failing in a test.
Updated by Eric Davis about 14 years ago
- Status changed from Resolved to Closed
Merged into 1.0-stable for release in 1.0.2