Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#21161 closed enhancement (invalid)

Use protocol relative gravatar URLs

Reported by: charliesome Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch
Focuses: Cc:


This patch changes the get_avatar() function in wp-includes/pluggable.php to use protocol relative URLs instead of attempting to detect whether the blog is running over SSL or not.

The //gravatar.com/... links will use HTTP if the page is loaded over HTTP, or HTTPS is the page is loaded over HTTPS. These URLs are widely supported - they'll even work on IE6.

This is preferable as the current code will not work if Apache (or whichever server Wordpress is running on) is not the same server as the one doing SSL.

Attachments (1)

use-protocol-agnostic-url.patch (727 bytes) - added by charliesome 9 years ago.

Download all attachments as: .zip

Change History (4)

#1 @scribu
9 years ago

  • Milestone changed from Awaiting Review to 3.5

+1. I don't get why we don't use protocol agnostic URLs accross the board.

#2 @johnbillion
9 years ago

Not sure about this. Note the use of distributed subdomain selection based on the email address (which this patch removes). This improves performance on pages with many avatars (as browsers typically only load 2 resources from a given domain simultaneously).

#3 @nacin
9 years ago

  • Milestone 3.5 deleted
  • Resolution set to invalid
  • Status changed from new to closed

-1 on this for two reasons:

  1. This is not how the gravatar.com service is meant to be used. As johnbillion points out, note the distributed subdomain selection. Second, note secure.gravatar.com rather than gravatar.com. That is gravatar.com's preference.
  1. If your app server doesn't know it is serving content over SSL, then you are doing it wrong. You need to make sure that your app server has forwarded information (IP, port, protocol, etc.) properly set. See #15733, #19337, #9235, etc.
Note: See TracTickets for help on using tickets.