Opened 3 years ago
Last modified 3 years ago
#54363 new enhancement
Always load gravatars over HTTPS
Reported by: | dimadin | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | has-patch has-unit-tests |
Focuses: | Cc: |
Description
By default, when page is loaded over HTTP, gravatars are also loaded over HTTP. This can and should be changed.
There are two things here:
- First thing is that default URL base in
get_avatar_data()
needs to be changed. Now, if page is loaded over HTTP, it uses domain sharding technique to load gravatar from one of three hostnames,(0|1|2).gravatar.com
. With HTTP/2, domain sharding is obsolete. When page is loaded over HTTPS, gravatar is (correctly) always loaded from one hostname,secure.gravatar.com
. I have changed this behavior so that only hostname used iswww.gravatar.com
. All of these five hostnames are behind CDN so speed wise it doesn't matter what hostname is used, but someone from @automattic can give review. - Second thing is that default URL scheme used in
get_avatar_data()
needs to be changed. Now, default scheme isnull
. Since that value is passed toset_url_scheme()
it means that scheme of URL is changed to scheme of loaded page. To be able to always have HTTPS scheme by default, default scheme value need to be changed fromnull
tohttps
. For this, I have updatedget_avatar_data()
,get_avatar_url()
andget_avatar()
, and their documentation, but I have not added changelog since I'm unsure should we log changes in one of attributes.
I have also updated tests.
Change History (1)
This ticket was mentioned in PR #1792 on WordPress/wordpress-develop by dimadin.
3 years ago
#1
Note: See
TracTickets for help on using
tickets.
Trac ticket: https://core.trac.wordpress.org/ticket/54363