#8988 closed defect (bug) (fixed)
When accessing admin dashboard over https the use of gravatars makes the security appear broken
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 2.7.1 | Priority: | normal |
| Severity: | minor | Version: | 2.7 |
| Component: | Administration | Keywords: | |
| Focuses: | Cc: |
Description
I have FORCE_SSL_ADMIN and FORCE_SSL_LOGIN set to true for security however because the gravatars in the recent comments on the dashboard are requested over http it makes the security appear broken.
When accessing the dashboard over https I think it should either hide the gravatars or just serve a generic image from the wordpress install itself that could be served over https since gravatar doesn't seem to offer https support.
Change History (2)
Note: See
TracTickets for help on using
tickets.
(In [10461]) Use secure.gravatar.com for SSL avatar requests. fixes #8988 for trunk