Nemcio/GitBucket
1
0
Fork 0
mirror of https://github.com/gitbucket/gitbucket.git synced 2025-11-11 16:05:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Load Gravatar images always through HTTPS

Browse Source 
This patch will force to load Gravatar images always through HTTPS which
will fix the problem with mixed content when accessing the page through
HTTPS.

The problem is that if an HTTPS page includes HTTP content, the HTTP
portion can be read or modified by attackers, even though the main page
is served over HTTPS.
This commit is contained in:
Jiri Tyr
2013-11-10 00:42:17 +00:00
parent f573fef9eb
commit 7174523ac5
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/scala/view/AvatarImageProvider.scala
View File

@@ -17,7 +17,7 @@ trait AvatarImageProvider { self: RequestCache =>
// by user name
getAccountByUserName(userName).map { account =>
if(account.image.isEmpty && getSystemSettings().gravatar){
s"""http://www.gravatar.com/avatar/${StringUtil.md5(account.mailAddress.toLowerCase)}?s=${size}"""
s"""https://www.gravatar.com/avatar/${StringUtil.md5(account.mailAddress.toLowerCase)}?s=${size}"""
} else {
s"""${context.path}/${account.userName}/_avatar"""
}
@@ -28,13 +28,13 @@ trait AvatarImageProvider { self: RequestCache =>
// by mail address
getAccountByMailAddress(mailAddress).map { account =>
if(account.image.isEmpty && getSystemSettings().gravatar){
s"""http://www.gravatar.com/avatar/${StringUtil.md5(account.mailAddress.toLowerCase)}?s=${size}"""
s"""https://www.gravatar.com/avatar/${StringUtil.md5(account.mailAddress.toLowerCase)}?s=${size}"""
} else {
s"""${context.path}/${account.userName}/_avatar"""
}
} getOrElse {
if(getSystemSettings().gravatar){
s"""http://www.gravatar.com/avatar/${StringUtil.md5(mailAddress.toLowerCase)}?s=${size}"""
s"""https://www.gravatar.com/avatar/${StringUtil.md5(mailAddress.toLowerCase)}?s=${size}"""
} else {
s"""${context.path}/_unknown/_avatar"""
}