プロジェクト

全般

プロフィール

編集 操作
リンクをコピー

Vote #67662

完了

https-enabled gravatars when called over https

Admin Redmine さんが3年以上前に追加. 3年以上前に更新.

ステータス:
Closed
優先度:
通常
担当者:
-
カテゴリ:
UI_10
対象バージョン:
1.0.2_24
開始日:
2010/07/21
期日:
進捗率:

100%

予定工数:
Redmineorg_URL:
https://www.redmine.org/issues/5929
category_id:
10
version_id:
24
issue_org_id:
5929
author_id:
3866
assigned_to_id:
5
comments:
5
status_id:
5
tracker_id:
3
plus1:
0
affected_version:
closed_on:
affected_version_id:
ステータス-->[Closed]
引用

説明

The decision to serve gravatars from the SSL-enabled links or not is currently dependent on the setting protocol in the global configuration, this should be decided per-request depending on whether the request is through SSL or not. This would also stop some browsers (IE, who else?) bickering about some parts of the page being SSL-served and others not.

Index: app/helpers/application_helper.rb
===================================================================
--- app/helpers/application_helper.rb   (revision 3839)
+++ app/helpers/application_helper.rb   (working copy)
@@ -772,7 +784,7 @@
   # +user+ can be a User or a string that will be scanned for an email address (eg. 'joe ')
   def avatar(user, options = { })
     if Setting.gravatar_enabled?
-      options.merge!({:ssl => Setting.protocol == 'https', :default => Setting.gravatar_default})
+      options.merge!({:ssl => request.ssl?, :default => Setting.gravatar_default})
       email = nil
       if user.respond_to?(:mail)
         email = user.mail

journals

How would that work if you are using Apache with SSL but proxying to Redmine via mongrel? Would mongrel see the request as ssl or plain?
--------------------------------------------------------------------------------
If configured properly as ssl, see [[FAQ#Why-does-Redmine-use-http-links-when-I-want-it-to-use-https-links-in-Apache-SSL]].
--------------------------------------------------------------------------------
A little more info about @ActionController::Request#ssl?@: http://apidock.com/rails/ActionController/Request/ssl%3F

AFAIK this is the same method used by rails to determine if links it generates should be http or https, i.e. if redmine is behind a misconfigured reverse proxy, that won't be the only problem the user has ;-)
--------------------------------------------------------------------------------
Added in r4103. I had to add an extra check for @request@, it was failing in a test.
--------------------------------------------------------------------------------
Merged into 1.0-stable for release in 1.0.2
--------------------------------------------------------------------------------

related_issues

relates,Closed,9365,Gravatar don't utilize HTTPS

操作
リンクをコピー
 #1

Admin Redmine さんが3年以上前に更新

  • カテゴリUI_10 にセット
  • 対象バージョン1.0.2_24 にセット
編集 操作
リンクをコピー

他の形式にエクスポート: Atom PDF

いいね!0
いいね!0

demo1.unofficial-redmine.org