Junio C Hamano wrote:
>> Andrej Andb wrote:

>>> --- a/gitweb/gitweb.perl
>>> +++ b/gitweb/gitweb.perl
>>> @@ -2068,7 +2068,7 @@ sub picon_url {
>>>     if (!$avatar_cache{$email}) {
>>>             my ($user, $domain) = split('@', $email);
>>>             $avatar_cache{$email} =
>>> -                   
>>> "http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/"; .
>>> +                   "//www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" 
>>> .
> Intuitively it feels strange that the above lets the site that gave
> you the base URL dictate over what scheme sites unrelated to it has
> to serve their resources.

The main effect is to slightly improve privacy.  A man in the middle
can still see the size of avatars and when you fetched them, but at
least this way when you are using HTTPS they do not see the names of
authors of commits you are looking at.

It also avoids a mixed content warning.

On the other hand, it hurts caching by proxies.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to