On Thu, Jul 03, 2014 at 11:16:21AM +0200, Christian Hesse wrote: > looks like we have a certificate problem with libravatar email filter. For > base URL we use "//cdn.libravatar.org/", with is fine if cgit serves > unencrypted html pages. The url evaluates to "http://cdn.libravatar.org/" > then. However if cgit sends an encrypted site the url is > "https://cdn.libravatar.org/", with results in a certificate error as CN does > not match. > > We could just change the url to "//seccdn.libravatar.org/" or > "https://seccdn.libravatar.org/", but that would fetch the avatar via https > all the some. In fact the first one makes two requests as the http server > redirects to https one. > > Does the script know whether or not the site is encrypted? That would allow > us to choose the correct url. Any other ideas?
FWIW my vote would be to always use "https://seccdn.libravatar.org/", since HTTP->HTTPS is OK but HTTPS->HTTP is not and if HTTP is just going to redirect to HTTPS then we might as well go directly to the HTTPS. _______________________________________________ CGit mailing list CGit@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/cgit