Re: [PATCH] The images from picon and gravatar are always used over http://, and browsers give mixed contents warning when gitweb is served over https://.
Jonathan Nieder writes: > Junio C Hamano wrote: >> Jonathan Nieder writes: > >>> Odd. "https://www.gravatar.com/"; also seems to work. I've put in a >>> technical support query to find out what the Gravatar admins prefer. >> >> Thanks; will hold onto Andrej's patch until we hear what the story >> is. > > Good news: a kind person from Automattic answered that > www.gravatar.com should work fine over SSL, both now and in the > future, and promised to add updating documentation to their todo list. > > Thanks for your help and patience. I'll merge Andrej's topic to 'next' in the next integration cycle. The fix should hit 'master' no later than the beginning of next week. Thanks. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] The images from picon and gravatar are always used over http://, and browsers give mixed contents warning when gitweb is served over https://.
Junio C Hamano wrote: > Jonathan Nieder writes: >> Odd. "https://www.gravatar.com/"; also seems to work. I've put in a >> technical support query to find out what the Gravatar admins prefer. > > Thanks; will hold onto Andrej's patch until we hear what the story > is. Good news: a kind person from Automattic answered that www.gravatar.com should work fine over SSL, both now and in the future, and promised to add updating documentation to their todo list. Thanks for your help and patience. Jonathan -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] The images from picon and gravatar are always used over http://, and browsers give mixed contents warning when gitweb is served over https://.
Jonathan Nieder writes:
> Odd. "https://www.gravatar.com/"; also seems to work. I've put in a
> technical support query to find out what the Gravatar admins prefer.
Thanks; will hold onto Andrej's patch until we hear what the story
is.
Of course we could do something like this (untested).
gitweb/gitweb.perl | 24 +++-
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index c6bafe6..b59773b 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -313,6 +313,14 @@ sub evaluate_uri {
'override' => 0,
'default' => [0]},
+ # Use https:// URL for embedded picons/gravatar images, to be used
+ # on installations that server gitweb over https://
+ 'subcontentssl' => {
+ 'sub' => sub { feature_bool('subcontentssl', @_) },
+ 'override' => 0,
+ 'default' => [0]},
+ }
+
# Enable the 'snapshot' link, providing a compressed archive of any
# tree. This can potentially generate high traffic if you have large
# project.
@@ -,6 +1119,7 @@ sub evaluate_git_dir {
}
our (@snapshot_fmts, $git_avatar);
+our ($gravatar_base_url, $picon_base_url);
sub configure_gitweb_features {
# list of supported snapshot formats
our @snapshot_fmts = gitweb_get_feature('snapshot');
@@ -1121,10 +1130,17 @@ sub configure_gitweb_features {
# if the provider name is invalid or the dependencies are not met,
# reset $git_avatar to the empty string.
our ($git_avatar) = gitweb_get_feature('avatar');
+ my $use_https = gitweb_check_feature('subcontentssl');
+
if ($git_avatar eq 'gravatar') {
$git_avatar = '' unless (eval { require Digest::MD5; 1; });
+ $gravatar_base_url = $use_https ?
+ "https://secure.gravatar.com/avatar/"; :
+ "http://www.gravatar.com/avatar/";;
} elsif ($git_avatar eq 'picon') {
- # no dependencies
+ $picon_base_url = $use_https ?
+
"http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/"; :
+
"https://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/";;
} else {
$git_avatar = '';
}
@@ -2068,7 +2084,7 @@ sub picon_url {
if (!$avatar_cache{$email}) {
my ($user, $domain) = split('@', $email);
$avatar_cache{$email} =
-
"http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/"; .
+ $picon_base_url .
"$domain/$user/" .
"users+domains+unknown/up/single";
}
@@ -2082,9 +2098,7 @@ sub picon_url {
sub gravatar_url {
my $email = lc shift;
my $size = shift;
- $avatar_cache{$email} ||=
- "http://www.gravatar.com/avatar/"; .
- Digest::MD5::md5_hex($email) . "?s=";
+ $avatar_cache{$email} ||= $gravatar_base_url .
Digest::MD5::md5_hex($email) . "?s=";
return $avatar_cache{$email} . $size;
}
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] The images from picon and gravatar are always used over http://, and browsers give mixed contents warning when gitweb is served over https://.
Interesting. I wonder if they've changed it recently. I only pointed it out because a software product I'm working on had a bug because it was building the URLs with "https://www..."; and the resulting images were showing as X's instead of avatars. We had to change the implementation to use "https://secure..."; to get the avatars to load correctly. That's been ~8 months ago now, though, so maybe it's no longer the case. It seems like it would be much more convenient if they just changed the scheme. Bryan On 29 January 2013 15:12, Jonathan Nieder wrote: > Hi Bryan, > > Bryan Turner wrote: > >> This won't work correctly as-is. The secure URL for Gravatar is >> "https://secure.gravatar.com"[1], not "https://www.gravatar.com";. > > Odd. "https://www.gravatar.com/"; also seems to work. I've put in a > technical support query to find out what the Gravatar admins prefer. > > Thanks, > Jonathan -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] The images from picon and gravatar are always used over http://, and browsers give mixed contents warning when gitweb is served over https://.
Hi Bryan, Bryan Turner wrote: > This won't work correctly as-is. The secure URL for Gravatar is > "https://secure.gravatar.com"[1], not "https://www.gravatar.com";. Odd. "https://www.gravatar.com/"; also seems to work. I've put in a technical support query to find out what the Gravatar admins prefer. Thanks, Jonathan -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] The images from picon and gravatar are always used over http://, and browsers give mixed contents warning when gitweb is served over https://.
This won't work correctly as-is. The secure URL for Gravatar is "https://secure.gravatar.com"[1], not "https://www.gravatar.com";. [1] See the "Secure Requests" section on: https://en.gravatar.com/site/implement/images/ On 29 January 2013 14:03, Junio C Hamano wrote: > > Thanks; will queue. > > > -- > To unsubscribe from this list: send the line "unsubscribe git" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] The images from picon and gravatar are always used over http://, and browsers give mixed contents warning when gitweb is served over https://.
Thanks; will queue. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
