avatars-gravatar causing the page to show as not secure

[claudi...@gmail.com]

Hi,

We have gerrit running with a reverse proxy. Whenever we do login on a session, it causes the browser to show the connection as "Not Secure" because gravatar is delivering the avatar image over http.

Has anyone dealt with this problem before?

Claudio.

[Ben Rohlfs]

The URL for avatars originates from AvatarProvider, which is an extension point. Do you know which avatar plugin is being used by your host?

The avatars-external plugin seems to support http being replaced by https:

https://gerrit.googlesource.com/plugins/avatars/external/+/503747022c395bae7833e2688b4e26e2d7a99413/src/main/java/com/googlesource/gerrit/plugins/avatars/external/ExternalUrlAvatarProvider.java#73

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/4b74be5d-559a-402e-9baf-d867792a2fc9n%40googlegroups.com.

[claudi...@gmail.com]

Hello,

Thanks for the reply. We are using avatars-gravatar. I've gone to their settings and indeed they do provide a config for that.

Cheers,

[xin zhang]

Hello All,

I'm using  avatars-external with gerrit 3.6.3, and set avatar.url to github, but the avatar show empty.

Is any idea?