Project

General

Profile

Actions

Patch #5929

closed

https-enabled gravatars when called over https

Added by Felix Schäfer over 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
UI
Target version:
Start date:
2010-07-21
Due date:
% Done:

100%

Estimated time:

Description

The decision to serve gravatars from the SSL-enabled links or not is currently dependent on the setting protocol in the global configuration, this should be decided per-request depending on whether the request is through SSL or not. This would also stop some browsers (IE, who else?) bickering about some parts of the page being SSL-served and others not.

Index: app/helpers/application_helper.rb
===================================================================
--- app/helpers/application_helper.rb    (revision 3839)
+++ app/helpers/application_helper.rb    (working copy)
@@ -772,7 +784,7 @@
   # +user+ can be a User or a string that will be scanned for an email address (eg. 'joe <joe@foo.bar>')
   def avatar(user, options = { })
     if Setting.gravatar_enabled?
-      options.merge!({:ssl => Setting.protocol == 'https', :default => Setting.gravatar_default})
+      options.merge!({:ssl => request.ssl?, :default => Setting.gravatar_default})
       email = nil
       if user.respond_to?(:mail)
         email = user.mail

Related issues

Related to Redmine - Defect #9365: Gravatar don't utilize HTTPSClosedJean-Baptiste Barth2011-10-03

Actions
Actions #1

Updated by Eric Davis about 14 years ago

How would that work if you are using Apache with SSL but proxying to Redmine via mongrel? Would mongrel see the request as ssl or plain?

Actions #2

Updated by Felix Schäfer about 14 years ago

If configured properly as ssl, see FAQ.

Actions #3

Updated by Felix Schäfer about 14 years ago

  • Target version set to 1.0.2

A little more info about ActionController::Request#ssl?: http://apidock.com/rails/ActionController/Request/ssl%3F

AFAIK this is the same method used by rails to determine if links it generates should be http or https, i.e. if redmine is behind a misconfigured reverse proxy, that won't be the only problem the user has ;-)

Actions #4

Updated by Eric Davis about 14 years ago

  • Status changed from New to Resolved
  • Assignee set to Eric Davis
  • % Done changed from 0 to 100

Added in r4103. I had to add an extra check for request, it was failing in a test.

Actions #5

Updated by Eric Davis about 14 years ago

  • Status changed from Resolved to Closed

Merged into 1.0-stable for release in 1.0.2

Actions

Also available in: Atom PDF