Re: [PATCH] remove protocol from gravatar and picon links for clear if Gitweb is being called through a secure server
Or maybe an option like:

/etc/gitweb.conf:
$feature{'ssl'}{'default'} = ['allways']; ['auto']; ['none'];

but it's hard for me :) I don't know Perl.

2013/1/29 Junio C Hamano gits...@pobox.com:

Jonathan Nieder jrnie...@gmail.com writes:

Junio C Hamano wrote:

Andrej Andb wrote:

--- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -2068,7 +2068,7 @@ sub picon_url { if (!$avatar_cache{$email}) { my ($user, $domain) = split('@', $email); $avatar_cache{$email} = - http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/; . + //www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/ . [...]

Intuitively it feels strange that the above lets the site that gave you the base URL dictate over what scheme sites unrelated to it have to serve their resources.

The main effect is to slightly improve privacy. A man in the middle can still see the size of avatars and when you fetched them, but at least this way when you are using HTTPS they do not see the names of authors of commits you are looking at.

It also avoids a mixed content warning. On the other hand, it hurts caching by proxies.

I am sure mixed content warning was the primary motivation of the patch. Do we know these external sites actually serve what we want over https://?
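Review bot: on the `+` line in picon_url, nothing in the patch establishes that www.cs.indiana.edu answers for piconsearch.cgi over https, so when gitweb itself is served over https the scheme-relative `//www.cs.indiana.edu/...` reference trades the mixed content warning for a request that may simply fail and leave a broken avatar. Confirm that the host serves this path over https before merging, or keep the scheme selectable through a gitweb.conf feature along the lines proposed in this thread, so a site can fall back to the old behaviour.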
Re: [PATCH] remove protocol from gravatar and picon links for clear if Gitweb is being called through a secure server
Resent. Very big thanks for the example :D

2013/1/29 Junio C Hamano gits...@pobox.com:

Андрей Баранов ad...@andrej-andb.ru writes:

Or maybe option like: /etc/gitweb.conf: $feature{'ssl'}{'default'} = ['allways']; ['auto']; ['none']; but it's hard for me :) i don't know perl

The effect is the same and your original patch is shorter and cleaner to see what is going on; as far as the patch text is concerned, the original one is just fine. Except that we wanted a bit more stuff before --- line. How about something like this?

Subject: [PATCH] gitweb: refer to picon/gravatar images over the same scheme

The images from picon and gravatar are always used over http://, and browsers give mixed contents warning when gitweb is served over https://. Just drop the scheme: part from the URL, so that these external sites are accessed over https:// in such a case.

Signed-off-by: Your Name y...@addre.ss

--- gitweb/gitweb.perl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl ...
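The scheme-relative resolution that the proposed commit message relies on, and the privacy point made earlier in the thread, as an added example that is not part of the original messages or of gitweb. The function names, the `git.example.org` page URLs and the path suffix are constructed for illustration; only the picon base comes from the quoted patch.

```javascript
// Added example: how a browser resolves the two avatar URL forms from the
// patch against the URL of the gitweb page that embeds them.
const PICON_BASE = 'www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/';
const SUFFIX = 'example.org/alice'; // constructed stand-in for the per-author path

// Hypothetical helper: resolve one reference the way the browser would and
// report what follows from the resulting scheme.
function classifyReference(pageUrl, ref) {
  const page = new URL(pageUrl);
  // A reference starting with "//" inherits the scheme of the base URL.
  const resolved = new URL(ref, page);
  const cleartext = resolved.protocol === 'http:';
  return {
    resolved: resolved.href,
    // An https page loading an http image triggers the mixed content warning.
    mixedContent: page.protocol === 'https:' && cleartext,
    // Over http, an on-path observer can read the full request path.
    pathVisibleOnWire: cleartext,
  };
}

// Hypothetical helper: classify every reference found on one page.
function auditPage(pageUrl, refs) {
  return refs.map((ref) => ({ ref, ...classifyReference(pageUrl, ref) }));
}

const before = 'http://' + PICON_BASE + SUFFIX; // form before the patch
const after = '//' + PICON_BASE + SUFFIX;       // form after the patch

const pages = [
  'https://git.example.org/gitweb.cgi', // constructed
  'http://git.example.org/gitweb.cgi',  // constructed
];
for (const page of pages) {
  console.log(page);
  console.table(auditPage(page, [before, after]));
}
```

Resolution only decides which scheme the browser will request; it says nothing about whether the remote host actually answers on https, which is the question left open in the thread.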