Patch #5929

https-enabled gravatars when called over https

Added by Felix Schäfer over 7 years ago. Updated about 7 years ago.

Status: Closed
Start date: 2010-07-21
Priority: Normal
Due date:
Assignee: Eric Davis
% Done: 100%
Category: UI
Target version: 1.0.2

Description

The decision to serve gravatars from the SSL-enabled links or not is currently dependent on the setting protocol in the global configuration; this should be decided per-request depending on whether the request is through SSL or not. This would also stop some browsers (IE, who else?) bickering about some parts of the page being SSL-served and others not.

Index: app/helpers/application_helper.rb
===================================================================
--- app/helpers/application_helper.rb    (revision 3839)
+++ app/helpers/application_helper.rb    (working copy)
@@ -772,7 +784,7 @@
   # +user+ can be a User or a string that will be scanned for an email address (eg. 'joe <joe@foo.bar>')
   def avatar(user, options = { })
     if Setting.gravatar_enabled?
-      options.merge!({:ssl => Setting.protocol == 'https', :default => Setting.gravatar_default})
+      options.merge!({:ssl => request.ssl?, :default => Setting.gravatar_default})
       email = nil
       if user.respond_to?(:mail)
         email = user.mail
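
Review bot: On the added `options.merge!` line, `request.ssl?` is called unconditionally, so any caller of this helper that runs without a request object (if `request` is nil) will raise NoMethodError instead of rendering an avatar. Guard the call, for example `:ssl => (request && request.ssl?)`, so a missing request falls back to the non-SSL URL. A short comment on that line would also help: the SSL choice no longer follows `Setting.protocol`, so behind a TLS-terminating proxy the result depends on what the proxy forwards to the backend.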

Related issues

Related to Redmine - Defect #9365: Gravatar don't utilize HTTPS Closed 2011-10-03

Associated revisions

Revision 4103
Added by Eric Davis about 7 years ago

Turn on ssl Gravatars for all SSL requests. #5929

Contributed by Felix Schäfer

History

#1 Updated by Eric Davis over 7 years ago

How would that work if you are using Apache with SSL but proxying to Redmine via mongrel? Would mongrel see the request as ssl or plain?

#2 Updated by Felix Schäfer over 7 years ago

If configured properly as ssl, see FAQ.

#3 Updated by Felix Schäfer about 7 years ago

  • Target version set to 1.0.2

A little more info about ActionController::Request#ssl?: http://apidock.com/rails/ActionController/Request/ssl%3F

AFAIK this is the same method used by rails to determine if links it generates should be http or https, i.e. if redmine is behind a misconfigured reverse proxy, that won't be the only problem the user has ;-)
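
The proxy question from comments #1 to #3, as an added Ruby example that is not part of the original thread or of Redmine's code: it shows which Gravatar URL a per-request check produces for direct TLS, a proxy that forwards the scheme, a proxy that does not, and a missing request. `FakeRequest`, `gravatar_url_for` and the sample environments are hypothetical; the `ssl?` rule (HTTPS=on or X-Forwarded-Proto: https) and the Gravatar host names are assumptions modelled on the Rails check linked above.

```ruby
require 'digest/md5'

# Hypothetical stand-in for the request object; it exposes only ssl?.
class FakeRequest
  def initialize(env)
    @env = env
  end

  # Assumed rule: TLS seen directly by the app server, or reported by a
  # fronting proxy through the X-Forwarded-Proto header.
  def ssl?
    @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'
  end
end

# Hypothetical helper: chooses the Gravatar host per request and treats a
# missing request (tests, rendering outside a controller) as non-SSL.
def gravatar_url_for(email, request)
  ssl  = !request.nil? && request.ssl?
  host = ssl ? 'https://secure.gravatar.com' : 'http://www.gravatar.com'
  "#{host}/avatar/#{Digest::MD5.hexdigest(email.strip.downcase)}"
end

# Constructed Rack-style environments for the deployments discussed.
SAMPLE_REQUESTS = {
  'direct TLS'               => FakeRequest.new({ 'HTTPS' => 'on' }),
  'proxy forwards scheme'    => FakeRequest.new({ 'HTTP_X_FORWARDED_PROTO' => 'https' }),
  'proxy forwards nothing'   => FakeRequest.new({}),
  'no request (e.g. a test)' => nil
}.freeze

# Returns { label => url } so the outcome per deployment can be compared.
def gravatar_urls_by_deployment(email)
  SAMPLE_REQUESTS.each_with_object({}) do |(label, request), out|
    out[label] = gravatar_url_for(email, request)
  end
end

if __FILE__ == $PROGRAM_NAME
  gravatar_urls_by_deployment('joe@foo.bar').each do |label, url|
    puts format('%-26s %s', label, url)
  end
end
```

The "proxy forwards nothing" row is the misconfiguration mentioned in comment #3: the browser loads the page over HTTPS but the backend sees plain HTTP, so the avatar is emitted as an `http://` URL and the page becomes mixed content. The forwarded-scheme header should be set or overwritten by the proxy itself rather than passed through from the client.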

#4 Updated by Eric Davis about 7 years ago

  • Status changed from New to Resolved
  • Assignee set to Eric Davis
  • % Done changed from 0 to 100

Added in r4103. I had to add an extra check for request, it was failing in a test.

#5 Updated by Eric Davis about 7 years ago

  • Status changed from Resolved to Closed

Merged into 1.0-stable for release in 1.0.2
