WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#8988 closed defect (bug) (fixed)

When accessing admin dashboard over https the use of gravatars makes the security appear broken

Reported by: Mossop Owned by:
Milestone: 2.7.1 Priority: normal
Severity: minor Version: 2.7
Component: Administration Keywords:
Focuses: Cc:

Description

I have FORCE_SSL_ADMIN and FORCE_SSL_LOGIN set to true for security however because the gravatars in the recent comments on the dashboard are requested over http it makes the security appear broken.

When accessing the dashboard over https I think it should either hide the gravatars or just serve a generic image from the wordpress install itself that could be served over https since gravatar doesn't seem to offer https support.

Change History (2)

comment:1 @ryan7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10461]) Use secure.gravatar.com for SSL avatar requests. fixes #8988 for trunk

comment:2 @ryan7 years ago

(In [10462]) Use secure.gravatar.com for SSL avatar requests. fixes #8988 for 2.7

Note: See TracTickets for help on using tickets.