Patch #5929

https-enabled gravatars when called over https

Added by Felix Schäfer about 10 years ago. Updated almost 10 years ago.

Status:ClosedStart date:2010-07-21
Priority:NormalDue date:
Assignee:Eric Davis% Done:

100%

Category:UI
Target version:1.0.2

Description

The decision to serve gravatars from the SSL-enabled links or not is currently dependent on the setting protocol in the global configuration, this should be decided per-request depending on whether the request is through SSL or not. This would also stop some browsers (IE, who else?) bickering about some parts of the page being SSL-served and others not.

Index: app/helpers/application_helper.rb
===================================================================
--- app/helpers/application_helper.rb    (revision 3839)
+++ app/helpers/application_helper.rb    (working copy)
@@ -772,7 +784,7 @@
   # +user+ can be a User or a string that will be scanned for an email address (eg. 'joe <joe@foo.bar>')
   def avatar(user, options = { })
     if Setting.gravatar_enabled?
-      options.merge!({:ssl => Setting.protocol == 'https', :default => Setting.gravatar_default})
+      options.merge!({:ssl => request.ssl?, :default => Setting.gravatar_default})
       email = nil
       if user.respond_to?(:mail)
         email = user.mail

Related issues

Related to Redmine - Defect #9365: Gravatar don't utilize HTTPS Closed 2011-10-03

Associated revisions

Revision 4103
Added by Eric Davis almost 10 years ago

Turn on ssl Gravatars for all SSL requests. #5929

Contributed by Felix Schäfer

History

#1 Updated by Eric Davis about 10 years ago

How would that work if you are using Apache with SSL but proxying to Redmine via mongrel? Would mongrel see the request as ssl or plain?

#2 Updated by Felix Schäfer about 10 years ago

If configured properly as ssl, see FAQ.

#3 Updated by Felix Schäfer almost 10 years ago

  • Target version set to 1.0.2

A little more info about ActionController::Request#ssl?: http://apidock.com/rails/ActionController/Request/ssl%3F

AFAIK this is the same method used by rails to determine if links it generates should be http or https, i.e. if redmine is behind a misconfigured reverse proxy, that won't be the only problem the user has ;-)

#4 Updated by Eric Davis almost 10 years ago

  • Status changed from New to Resolved
  • Assignee set to Eric Davis
  • % Done changed from 0 to 100

Added in r4103. I had to add an extra check for request, it was failing in a test.

#5 Updated by Eric Davis almost 10 years ago

  • Status changed from Resolved to Closed

Merged into 1.0-stable for release in 1.0.2

Also available in: Atom PDF