From: "Андрей Баранов" <admin@andrej-andb.ru>
To: Junio C Hamano <gitster@pobox.com>
Cc: Jonathan Nieder <jrnieder@gmail.com>,
git@vger.kernel.org,
Giuseppe Bilotta <giuseppe.bilotta@gmail.com>,
Jakub Narebski <jnareb@gmail.com>
Subject: Re: [PATCH] remove protocol from gravatar and picon links for clear if Gitweb is being called through a secure server
Date: Tue, 29 Jan 2013 05:33:49 +0700 [thread overview]
Message-ID: <CAJjU7bQtgaV1XBeeGnuwtz8m3bDtmRYxQE-QasWkoGHNb_NPjQ@mail.gmail.com> (raw)
In-Reply-To: <7v7gmxuekl.fsf@alter.siamese.dyndns.org>
Or maybe option like:
/etc/gitweb.conf:
$feature{'ssl'}{'default'} = ['allways']; ['auto']; ['none'];
but it's hard for me :) i don't know perl
2013/1/29 Junio C Hamano <gitster@pobox.com>:
> Jonathan Nieder <jrnieder@gmail.com> writes:
>
>> Junio C Hamano wrote:
>>>> Andrej Andb wrote:
>>
>>>>> --- a/gitweb/gitweb.perl
>>>>> +++ b/gitweb/gitweb.perl
>>>>> @@ -2068,7 +2068,7 @@ sub picon_url {
>>>>> if (!$avatar_cache{$email}) {
>>>>> my ($user, $domain) = split('@', $email);
>>>>> $avatar_cache{$email} =
>>>>> - "http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" .
>>>>> + "//www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" .
>> [...]
>>> Intuitively it feels strange that the above lets the site that gave
>>> you the base URL dictate over what scheme sites unrelated to it has
>>> to serve their resources.
>>
>> The main effect is to slightly improve privacy. A man in the middle
>> can still see the size of avatars and when you fetched them, but at
>> least this way when you are using HTTPS they do not see the names of
>> authors of commits you are looking at.
>>
>> It also avoids a mixed content warning.
>>
>> On the other hand, it hurts caching by proxies.
>
> I am sure mixed content warning was the primary motivation of the
> patch. Do we know these external sites actually server what we want
> over https://?
>
next prev parent reply other threads:[~2013-01-28 22:34 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-28 19:14 [PATCH] remove protocol from gravatar and picon links for clear if Gitweb is being called through a secure server Andrej Andb
2013-01-28 20:58 ` Jonathan Nieder
2013-01-28 21:54 ` Junio C Hamano
2013-01-28 21:58 ` Junio C Hamano
2013-01-28 22:10 ` Jonathan Nieder
2013-01-28 22:29 ` Junio C Hamano
2013-01-28 22:33 ` Андрей Баранов [this message]
2013-01-28 23:08 ` Junio C Hamano
2013-01-28 23:43 ` Андрей Баранов
2013-01-28 22:39 ` Jonathan Nieder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJjU7bQtgaV1XBeeGnuwtz8m3bDtmRYxQE-QasWkoGHNb_NPjQ@mail.gmail.com \
--to=admin@andrej-andb.ru \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=giuseppe.bilotta@gmail.com \
--cc=jnareb@gmail.com \
--cc=jrnieder@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).