Project

General

Profile

Actions
Copy link

Patch #5929

closed

https-enabled gravatars when called over https

Added by Felix Schäfer over 13 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Davis
Category:
UI
Target version:
1.0.2
Start date:
2010-07-21
Due date:
% Done:

100%

Estimated time:

Description

The decision to serve gravatars from the SSL-enabled links or not is currently dependent on the setting protocol in the global configuration, this should be decided per-request depending on whether the request is through SSL or not. This would also stop some browsers (IE, who else?) bickering about some parts of the page being SSL-served and others not.

Index: app/helpers/application_helper.rb
===================================================================
--- app/helpers/application_helper.rb    (revision 3839)
+++ app/helpers/application_helper.rb    (working copy)
@@ -772,7 +784,7 @@
   # +user+ can be a User or a string that will be scanned for an email address (eg. 'joe <joe@foo.bar>')
   def avatar(user, options = { })
     if Setting.gravatar_enabled?
-      options.merge!({:ssl => Setting.protocol == 'https', :default => Setting.gravatar_default})
+      options.merge!({:ssl => request.ssl?, :default => Setting.gravatar_default})
       email = nil
       if user.respond_to?(:mail)
         email = user.mail

Related issues

Related to Redmine - Defect #9365: Gravatar don't utilize HTTPSClosedJean-Baptiste Barth2011-10-03

Actions
Actions
Copy link
 #1

Updated by Eric Davis over 13 years ago

How would that work if you are using Apache with SSL but proxying to Redmine via mongrel? Would mongrel see the request as ssl or plain?

Actions
Copy link
 #2

Updated by Felix Schäfer over 13 years ago

If configured properly as ssl, see FAQ.

Actions
Copy link
 #3

Updated by Felix Schäfer over 13 years ago

  • Target version set to 1.0.2

A little more info about ActionController::Request#ssl?: http://apidock.com/rails/ActionController/Request/ssl%3F

AFAIK this is the same method used by rails to determine if links it generates should be http or https, i.e. if redmine is behind a misconfigured reverse proxy, that won't be the only problem the user has ;-)

Actions
Copy link
 #4

Updated by Eric Davis over 13 years ago

  • Status changed from New to Resolved
  • Assignee set to Eric Davis
  • % Done changed from 0 to 100

Added in r4103. I had to add an extra check for request, it was failing in a test.

Actions
Copy link
 #5

Updated by Eric Davis over 13 years ago

  • Status changed from Resolved to Closed

Merged into 1.0-stable for release in 1.0.2

Actions
Copy link

Also available in: Atom PDF