Or maybe option like:
/etc/gitweb.conf:
$feature{'ssl'}{'default'} = ['allways']; ['auto']; ['none'];

but it's hard for me :) i don't know perl

2013/1/29 Junio C Hamano <gits...@pobox.com>:
> Jonathan Nieder <jrnie...@gmail.com> writes:
>
>> Junio C Hamano wrote:
>>>> Andrej Andb wrote:
>>
>>>>> --- a/gitweb/gitweb.perl
>>>>> +++ b/gitweb/gitweb.perl
>>>>> @@ -2068,7 +2068,7 @@ sub picon_url {
>>>>>    if (!$avatar_cache{$email}) {
>>>>>            my ($user, $domain) = split('@', $email);
>>>>>            $avatar_cache{$email} =
>>>>> -                  
>>>>> "http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/"; .
>>>>> +                  
>>>>> "//www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" .
>> [...]
>>> Intuitively it feels strange that the above lets the site that gave
>>> you the base URL dictate over what scheme sites unrelated to it has
>>> to serve their resources.
>>
>> The main effect is to slightly improve privacy.  A man in the middle
>> can still see the size of avatars and when you fetched them, but at
>> least this way when you are using HTTPS they do not see the names of
>> authors of commits you are looking at.
>>
>> It also avoids a mixed content warning.
>>
>> On the other hand, it hurts caching by proxies.
>
> I am sure mixed content warning was the primary motivation of the
> patch.  Do we know these external sites actually server what we want
> over https://?
>
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to