1. Marcin Kuzminski
  2. RhodeCode
  3. Issues


Issue #484 invalid

Allow the use of Secure Gravatar (SSL) to avoid mixed content warnings

Arsène von Wyss
created an issue

Many browsers warn the user when he is browsing a secure site which also requests non-secure content. When using RhodeCode over SSL, such warnings appear because of the request to the user Gravatar.

Using https://secure.gravatar.com/... (either optionally or always) would solve this.

Comments (4)

  1. Marcin Kuzminski repo owner

    That is the case right now, rhodecode detects, if ssl is used by checking 'wsgi.url_scheme' if it's https it will use secure gravatars.

    I don't know how do you serve rhodecode with SSL, but you can try out force_https in .ini file to make that work anyway.

  2. Arsène von Wyss reporter

    For various reasons we are using RhodeCode behind a reverse proxy; the proxy has the certificate and accepts the SSL calls. I changed the clone_uri scheme to match the reverse proxy and everything seemed fine but the issue with the Gravatars.

    With force_https set to true the Gravatar issue is indeed solved, but direct access to the backend server via non-secured connection now obviously gets the wrong protocol in redirects. I tried having the proxy set the HTTP_X_URL_SCHEME header but this doesn't work yet (not sure where - will investigate).

  3. Log in to comment