[PATCH] gitweb: Add support for gravatar-ssl

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] gitweb: Add support for gravatar-ssl
@ 2012-08-09 18:42 Chris West (Faux)
  2012-08-09 19:36 ` Giuseppe Bilotta
  0 siblings, 1 reply; 3+ messages in thread
From: Chris West (Faux) @ 2012-08-09 18:42 UTC (permalink / raw)
  To: git

Teach gitweb to allow 'avatar' to be set to 'gravatar-ssl', switching
to the https://secure.gravatar.com url form, to avoid mixed content
warnings when serving gitweb over https, with gravatar enabled.
---

I'd alternatively propose always using the https:// form of the URL,
but it seems significantly slower, so it's probably best to let people
pick to continue using the insecure version.

 gitweb/gitweb.perl |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 3d6a705..d70e8b8 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -482,7 +482,7 @@ our %feature = (
 
 	# To enable system wide have in $GITWEB_CONFIG
 	# $feature{'avatar'}{'default'} = ['<provider>'];
-	# where <provider> is either gravatar or picon.
+	# where <provider> is either gravatar, gravatar-ssl or picon.
 	# To have project specific config enable override in $GITWEB_CONFIG
 	# $feature{'avatar'}{'override'} = 1;
 	# and in project config gitweb.avatar = <provider>;
@@ -1117,7 +1117,7 @@ sub configure_gitweb_features {
 	# if the provider name is invalid or the dependencies are not met,
 	# reset $git_avatar to the empty string.
 	our ($git_avatar) = gitweb_get_feature('avatar');
-	if ($git_avatar eq 'gravatar') {
+	if ($git_avatar eq 'gravatar' || $git_avatar eq 'gravatar-ssl') {
 		$git_avatar = '' unless (eval { require Digest::MD5; 1; });
 	} elsif ($git_avatar eq 'picon') {
 		# no dependencies
@@ -2079,7 +2079,10 @@ sub gravatar_url {
 	my $email = lc shift;
 	my $size = shift;
 	$avatar_cache{$email} ||=
-		"http://www.gravatar.com/avatar/" .
+		($git_avatar eq 'gravatar-ssl' ?
+			"https://secure" :
+			"http://www")
+		. ".gravatar.com/avatar/" .
 			Digest::MD5::md5_hex($email) . "?s=";
 	return $avatar_cache{$email} . $size;
 }
@@ -2093,7 +2096,7 @@ sub git_get_avatar {
 	$opts{-size} ||= 'default';
 	my $size = $avatar_size{$opts{-size}} || $avatar_size{'default'};
 	my $url = "";
-	if ($git_avatar eq 'gravatar') {
+	if ($git_avatar eq 'gravatar' || $git_avatar eq 'gravatar-ssl') {
 		$url = gravatar_url($email, $size);
 	} elsif ($git_avatar eq 'picon') {
 		$url = picon_url($email);
-- 
1.7.10

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] gitweb: Add support for gravatar-ssl
  2012-08-09 18:42 [PATCH] gitweb: Add support for gravatar-ssl Chris West (Faux)
@ 2012-08-09 19:36 ` Giuseppe Bilotta
  2012-08-09 19:53   ` git
  0 siblings, 1 reply; 3+ messages in thread
From: Giuseppe Bilotta @ 2012-08-09 19:36 UTC (permalink / raw)
  To: Chris West, git

Chris West (Faux) wrote:

> Teach gitweb to allow 'avatar' to be set to 'gravatar-ssl', switching
> to the https://secure.gravatar.com url form, to avoid mixed content
> warnings when serving gitweb over https, with gravatar enabled.
> ---
> I'd alternatively propose always using the https:// form of the URL,
> but it seems significantly slower, so it's probably best to let people
> pick to continue using the insecure version.

Rather than introducing a new, separate setting, wouldn't it be better
to have the gravatar URL be automatically decided based on the current
gitweb URL? (use the ssl gravar url when the current protocol is https,
and the standard http url otherwise)

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] gitweb: Add support for gravatar-ssl
  2012-08-09 19:36 ` Giuseppe Bilotta
@ 2012-08-09 19:53   ` git
  0 siblings, 0 replies; 3+ messages in thread
From: git @ 2012-08-09 19:53 UTC (permalink / raw)
  To: git

On Thu, Aug 09, 2012 at 09:36:46PM +0200, Giuseppe Bilotta wrote:
> Chris West (Faux) wrote:
> 
> > Teach gitweb to allow 'avatar' to be set to 'gravatar-ssl', switching
> > to the https://secure.gravatar.com url form, to avoid mixed content
> > warnings when serving gitweb over https, with gravatar enabled.
> > ---
> > I'd alternatively propose always using the https:// form of the URL,
> > but it seems significantly slower, so it's probably best to let people
> > pick to continue using the insecure version.
> 
> Rather than introducing a new, separate setting, wouldn't it be better
> to have the gravatar URL be automatically decided based on the current
> gitweb URL? (use the ssl gravar url when the current protocol is https,
> and the standard http url otherwise)

I don't believe it's possible to reliably detect this kind of thing (on
the server side), think ssl terminators / reverse proxies / etc.,
although you can probably get 99% of the way there, which might be good
enough.

An alternative would be to dump some JS on the page to convert the SSL
links to non-SSL links if the page hasn't been loaded over SSL
(according to the browser)?  Or do it the other way around and ignore
the mixed content warnings that ssl users with no javascript will see.

I'd rather just hardcode the https version than do anything with JS.

> 
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2012-08-09 19:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-08-09 18:42 [PATCH] gitweb: Add support for gravatar-ssl Chris West (Faux)
2012-08-09 19:36 ` Giuseppe Bilotta
2012-08-09 19:53   ` git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).