Re: [PATCH] gitweb: Add support for gravatar-ssl

[git@goeswhere.com]

On Thu, Aug 09, 2012 at 09:36:46PM +0200, Giuseppe Bilotta wrote:
> Chris West (Faux) wrote:
> 
> > Teach gitweb to allow 'avatar' to be set to 'gravatar-ssl', switching
> > to the https://secure.gravatar.com url form, to avoid mixed content
> > warnings when serving gitweb over https, with gravatar enabled.
> > ---
> > I'd alternatively propose always using the https:// form of the URL,
> > but it seems significantly slower, so it's probably best to let people
> > pick to continue using the insecure version.
> 
> Rather than introducing a new, separate setting, wouldn't it be better
> to have the gravatar URL be automatically decided based on the current
> gitweb URL? (use the ssl gravar url when the current protocol is https,
> and the standard http url otherwise)

I don't believe it's possible to reliably detect this kind of thing (on
the server side), think ssl terminators / reverse proxies / etc.,
although you can probably get 99% of the way there, which might be good
enough.

An alternative would be to dump some JS on the page to convert the SSL
links to non-SSL links if the page hasn't been loaded over SSL
(according to the browser)?  Or do it the other way around and ignore
the mixed content warnings that ssl users with no javascript will see.

I'd rather just hardcode the https version than do anything with JS.

> 
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html