Project

General

Profile

Actions

Patch #31022

closed

Always use HTTPS when accessing gravatar.com

Added by Go MAEDA almost 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
UI
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Today it is recommended to use HTTPS when accessing websites, but Redmine accesses gravatar.com with HTTP if the Redmine instance is accessed with HTTP. This is because Redmine generates protocol-relative URLs for Gravatar images (#21855#note-2).

I think we don't have to switch the protocol to access gravatar.com depending on the protocol of the Redmine instance. It will be secure, and moreover, it may improve performance when there are a lot of icons on a single page because of HTTP/2 used in gravatar.com. With HTTP/2, clients can download images in parallel with a single TCP connection.

Index: lib/plugins/gravatar/lib/gravatar.rb
===================================================================
--- lib/plugins/gravatar/lib/gravatar.rb    (リビジョン 17938)
+++ lib/plugins/gravatar/lib/gravatar.rb    (作業コピー)
@@ -61,7 +61,7 @@

     # Returns the base Gravatar URL for the given email hash
     def gravatar_api_url(hash)
-      "//www.gravatar.com/avatar/#{hash}" 
+      "https://www.gravatar.com/avatar/#{hash}" 
     end

     # Return the gravatar URL for the given email address.

Related issues

Related to Redmine - Feature #9112: Libravatar and Gravatar-compatible servers supportClosedGo MAEDA2011-08-24

Actions
Actions

Also available in: Atom PDF