From: Jonathan Nieder <jrnieder@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Andrej Andb <admin@andrej-andb.ru>,
git@vger.kernel.org,
Giuseppe Bilotta <giuseppe.bilotta@gmail.com>,
Jakub Narebski <jnareb@gmail.com>
Subject: Re: [PATCH] remove protocol from gravatar and picon links for clear if Gitweb is being called through a secure server
Date: Mon, 28 Jan 2013 14:10:26 -0800 [thread overview]
Message-ID: <20130128221026.GE7759@google.com> (raw)
In-Reply-To: <7vfw1lug6f.fsf@alter.siamese.dyndns.org>
Junio C Hamano wrote:
>> Andrej Andb wrote:
>>> --- a/gitweb/gitweb.perl
>>> +++ b/gitweb/gitweb.perl
>>> @@ -2068,7 +2068,7 @@ sub picon_url {
>>> if (!$avatar_cache{$email}) {
>>> my ($user, $domain) = split('@', $email);
>>> $avatar_cache{$email} =
>>> - "http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" .
>>> + "//www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" .
[...]
> Intuitively it feels strange that the above lets the site that gave
> you the base URL dictate over what scheme sites unrelated to it has
> to serve their resources.
The main effect is to slightly improve privacy. A man in the middle
can still see the size of avatars and when you fetched them, but at
least this way when you are using HTTPS they do not see the names of
authors of commits you are looking at.
It also avoids a mixed content warning.
On the other hand, it hurts caching by proxies.
Jonathan
next prev parent reply other threads:[~2013-01-28 22:10 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-28 19:14 [PATCH] remove protocol from gravatar and picon links for clear if Gitweb is being called through a secure server Andrej Andb
2013-01-28 20:58 ` Jonathan Nieder
2013-01-28 21:54 ` Junio C Hamano
2013-01-28 21:58 ` Junio C Hamano
2013-01-28 22:10 ` Jonathan Nieder [this message]
2013-01-28 22:29 ` Junio C Hamano
2013-01-28 22:33 ` Андрей Баранов
2013-01-28 23:08 ` Junio C Hamano
2013-01-28 23:43 ` Андрей Баранов
2013-01-28 22:39 ` Jonathan Nieder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130128221026.GE7759@google.com \
--to=jrnieder@gmail.com \
--cc=admin@andrej-andb.ru \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=giuseppe.bilotta@gmail.com \
--cc=jnareb@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).