Project

General

Profile

Actions

Feature #2718

closed

Config option to use https://secure.gravatar.com

Added by Pim Snel almost 16 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Accounts / authentication
Target version:
Start date:
2009-02-11
Due date:
% Done:

100%

Estimated time:
Resolution:
Fixed

Description

IE no gives an error message when redmine is used over ssl saying somethin like "unencrypted items are on this page, do you want to continue" If redmine could have a switch to let is use https://secure.gravatar.com, this would be fixed.

Do not automaticly detect https because redmine will probably be used often in a proxy setup.

If I have time, I'll create a patch

Actions #1

Updated by Nicolas Gauthier over 15 years ago

+1

Actions #2

Updated by Dan Cameron over 15 years ago

+1 I had to hack the existing plugin.

also, an option to set the default gravatar would be good too.

Actions #3

Updated by Dan Cameron over 15 years ago

Sorry, in my opinion this should be issued as a bug.

Actions #4

Updated by Eric Davis over 15 years ago

  • Assignee set to Eric Davis

Instead of an option, I think it would be best to autodetect if Redmine is running with SSL and dynamically change the url. I'll take this issue since I need to do some work in the Gravatar section anyways.

Actions #5

Updated by Eric Davis over 15 years ago

  • Status changed from New to Closed
  • Target version set to 0.9.0
  • % Done changed from 0 to 100
  • Resolution set to Fixed

I ended up upgrading the gravatar plugin which included SSL support. So now Redmine will use the secure gravatars when the the protocol setting is set to https.

Actions #6

Updated by aruseni magiku over 12 years ago

Eric Davis wrote:

I ended up upgrading the gravatar plugin which included SSL support. So now Redmine will use the secure gravatars when the the protocol setting is set to https.

It looks like (according to app/helpers/application_helper.rb, Redmine 1.4.3) the SSL option is set depending on the protocol that is used to access a web page (so it will be SSL if you open the web page via HTTPS), not on the Protocol setting (which is used for adding links to the email notifications).

In my case, I needed to add proxy_set_header X-Forwarded-Proto https; to the nginx config (without this header Redmine considered the requests as HTTP requests and avatars were loaded via HTTP, although the rest of the content was loaded through HTTPS).

Alternatively (if the same configuration is used for both HTTP and HTTPS), one would add:

proxy_set_header X-Forwarded-Proto $scheme;

Actions

Also available in: Atom PDF