Vote #79908

Closed

Always use HTTPS when accessing gravatar.com

Added by Admin Redmine over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
UI_10
Target version:
Start date:
2022/05/09
Due date:
% Done:

0%

Estimated time:
category_id:
10
version_id:
127
issue_org_id:
31022
author_id:
332
assigned_to_id:
332
comments:
6
status_id:
5
tracker_id:
3
plus1:
0
affected_version:
closed_on:
affected_version_id:
Status-->[Closed]

Description

Today it is recommended to use HTTPS when accessing websites, but Redmine accesses gravatar.com with HTTP if the Redmine instance is accessed with HTTP. This is because Redmine generates protocol-relative URLs for Gravatar images (#21855#note-2).

I think we don't have to switch the protocol to access gravatar.com depending on the protocol of the Redmine instance. It will be secure, and moreover, it may improve performance when there are a lot of icons on a single page because of HTTP/2 used in gravatar.com. With HTTP/2, clients can download images in parallel with a single TCP connection.


Index: lib/plugins/gravatar/lib/gravatar.rb
===================================================================
--- lib/plugins/gravatar/lib/gravatar.rb    (リビジョン 17938)
+++ lib/plugins/gravatar/lib/gravatar.rb    (作業コピー)
@@ -61,7 +61,7 @@

     # Returns the base Gravatar URL for the given email hash
     def gravatar_api_url(hash)
-      "//www.gravatar.com/avatar/#{hash}"
+      "https://www.gravatar.com/avatar/#{hash}"
     end

     # Return the gravatar URL for the given email address.
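Review bot: On the `+` line in gravatar_api_url the scheme is now fixed to https, but the comment above the method still only says it returns the base Gravatar URL. Suggest stating in that comment that the URL is always HTTPS regardless of how Redmine itself is served, and checking whether any option in this file that used to select the scheme is now dead and can be dropped in the same change.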
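The scheme inheritance described in the report, as an added example (not part of the original issue or Redmine's code): it resolves image references the way a browser does and lists those that would be fetched in cleartext from another host. The Redmine host names and the all-zero hash are constructed placeholders.

```ruby
require 'uri'

# Matches the src attribute of an <img> tag (quoted values only).
IMG_SRC = /<img\b[^>]*?\bsrc\s*=\s*(["'])(.*?)\1/im

# Resolve each image reference against the URL the page was served from,
# as a browser does. A protocol-relative "//host/path" reference inherits
# the scheme of page_url.
def resolved_image_urls(page_url, html)
  urls = html.scan(IMG_SRC).map do |_quote, src|
    begin
      URI.join(page_url, src.strip)
    rescue URI::Error
      nil # skip references that are not parseable URIs
    end
  end
  urls.compact
end

# Image URLs that would be requested in cleartext from a host other than
# the one serving the page.
def cleartext_third_party_images(page_url, html)
  page_host = URI(page_url).host
  resolved_image_urls(page_url, html)
    .select { |u| u.scheme == 'http' && u.host != page_host }
    .map(&:to_s)
end

# Constructed sample: placeholder hash, hypothetical Redmine host names.
HASH = '0' * 32
RELATIVE_IMG = %(<img class="gravatar" src="//www.gravatar.com/avatar/#{HASH}?size=24">)
ABSOLUTE_IMG = %(<img class="gravatar" src="https://www.gravatar.com/avatar/#{HASH}?size=24">)

if __FILE__ == $PROGRAM_NAME
  %w[http://redmine.example.test/issues/1 https://redmine.example.test/issues/1].each do |page|
    puts "#{page}: #{cleartext_third_party_images(page, RELATIVE_IMG + ABSOLUTE_IMG)}"
  end
end
```

Only the protocol-relative reference on the HTTP-served page is reported; the absolute `https://` reference is never downgraded.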

journals

--------------------------------------------------------------------------------
This updated patch is frozen string literals ready.

<pre><code class="diff">
Index: lib/plugins/gravatar/lib/gravatar.rb
===================================================================
--- lib/plugins/gravatar/lib/gravatar.rb (revision 17946)
+++ lib/plugins/gravatar/lib/gravatar.rb (working copy)
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
require 'digest/md5'
require 'cgi'

@@ -61,7 +63,7 @@

# Returns the base Gravatar URL for the given email hash
def gravatar_api_url(hash)
- "//www.gravatar.com/avatar/#{hash}"
+ 'https://www.gravatar.com/avatar/' + hash.to_s
end

# Return the gravatar URL for the given email address.
</code></pre>
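Review bot: In the second hunk the `+` line swaps string interpolation for `'https://www.gravatar.com/avatar/' + hash.to_s` with no comment saying why, so a later cleanup could turn it back into an interpolated literal. If the concatenation is needed so the result stays unfrozen under the new `# frozen_string_literal: true` magic comment, say so in a one-line comment above the return value; otherwise keep the interpolated form with the https scheme.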
--------------------------------------------------------------------------------
Committed.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
We should remove the @:ssl@ option because it is not used anymore:

<pre><code class="diff">
vagrant@jessie:/vagrant/project/redmine$ git diff lib/plugins/gravatar/
diff --git a/lib/plugins/gravatar/lib/gravatar.rb b/lib/plugins/gravatar/lib/gravatar.rb
index aa8500b..f368b99 100644
--- a/lib/plugins/gravatar/lib/gravatar.rb
+++ b/lib/plugins/gravatar/lib/gravatar.rb
@@ -34,9 +34,6 @@ module GravatarHelper

# The class to assign to the img tag for the gravatar.
:class => 'gravatar',
-
- # Whether or not to display the gravatars using HTTPS instead of HTTP
- :ssl => false,
}
</code></pre>
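Review bot: Removing the `:ssl => false` default in this hunk does not show what happens to a caller that still passes `:ssl`; the visible lines only drop the entry from the defaults hash. Confirm such a key is ignored rather than forwarded into the generated img tag or URL, and mention the removed option in the plugin's documentation so integrators stop setting it.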
--------------------------------------------------------------------------------
Marius BALTEANU wrote:
> We should remove the @:ssl@ option because it is not used anymore:
>
> [...]

Committed the fix. Thank you for pointing it out.
--------------------------------------------------------------------------------


related_issues

relates,Closed,9112,Libravatar and Gravatar-compatible servers support

Updated by Admin Redmine over 3 years ago

  • Category set to UI_10
  • Target version set to 4.1.0_127
