Feature #2718
closed
Config option to use https://secure.gravatar.com
100%
Description
IE no gives an error message when redmine is used over ssl saying somethin like "unencrypted items are on this page, do you want to continue" If redmine could have a switch to let is use https://secure.gravatar.com, this would be fixed.
Do not automaticly detect https because redmine will probably be used often in a proxy setup.
If I have time, I'll create a patch
Updated by
Updated by Dan Cameron almost 15 years ago
+1 I had to hack the existing plugin.
also, an option to set the default gravatar would be good too.
Updated by Dan Cameron almost 15 years ago
Sorry, in my opinion this should be issued as a bug.
Updated by Eric Davis almost 15 years ago
- Assignee set to Eric Davis
Instead of an option, I think it would be best to autodetect if Redmine is running with SSL and dynamically change the url. I'll take this issue since I need to do some work in the Gravatar section anyways.
Updated by Eric Davis over 14 years ago
- Status changed from New to Closed
- Target version set to 0.9.0
- % Done changed from 0 to 100
- Resolution set to Fixed
I ended up upgrading the gravatar plugin which included SSL support. So now Redmine will use the secure gravatars when the the protocol setting is set to https.
Updated by aruseni magiku almost 12 years ago
Eric Davis wrote:
I ended up upgrading the gravatar plugin which included SSL support. So now Redmine will use the secure gravatars when the the protocol setting is set to https.
It looks like (according to app/helpers/application_helper.rb, Redmine 1.4.3) the SSL option is set depending on the protocol that is used to access a web page (so it will be SSL if you open the web page via HTTPS), not on the Protocol setting (which is used for adding links to the email notifications).
In my case, I needed to add proxy_set_header X-Forwarded-Proto https; to the nginx config (without this header Redmine considered the requests as HTTP requests and avatars were loaded via HTTP, although the rest of the content was loaded through HTTPS).
Alternatively (if the same configuration is used for both HTTP and HTTPS), one would add:
proxy_set_header X-Forwarded-Proto $scheme;