Opened 13 years ago
Closed 13 years ago
#4110 closed defect (bug) (fixed)
Avatar URLs always use http (ignore https)
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 1.6 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Core | Keywords: | |
Cc: |
Description
If on https, the avatar URLs are hardcoded to use http in many situations. User uploaded avatars are fetched over http, and the fallback avatar image passed to gravatar.com is also hardcoded to http (though the gravatar.com URL does use http/s appropriately). This causes warnings in web browsers as you are fetching non-https content when on a https domain.
Change History (2)
Note: See
TracTickets for help on using
tickets.
There are a whole bunch of tickets on wptrac about this sort of issue, including wp_upload_path(), which we use for avatar paths. See #WP13941, #WP15928, #WP19037 if interested. I think the issue is worth fixing in BuddyPress as it's lightweight, future proof, and we half-account for https for gravatar already.