= bug description = When I access https://fedorahosted.org/fedora-infrastructure/ticket/3185#comment:9 Firefox does not validate the certificate properly.
= bug analysis =
Images from gravatar are embedded using plain HTTP and URLs like http://www.gravatar.com/avatar/9edd1a4189c2e1b98a461e1fa4fbddd5?size=60
= fix recommendation =
Disable the gravatar usage or use HTTPS URLs for gravatar.
I've mailed upstream about this issue. We could just change the link to https (and switch to gravatar.com instead of www.gravatar.com), but perhaps they have a way to check and use whatever you access the trac link from, which would be more elegant.
It might be possible to use links like
{{{///gravatar.com/avatar/9edd1a4189c2e1b98a461e1fa4fbddd5?size=60}}}
that automatically point to either http or https depending on the protocol used to access the respective web page, but I do not know which browsers support this.
Upstream has landed a commit to fix this:
https://bitbucket.org/zzzeek/tracvatar/changeset/bc7b4f2e0f60/raw/
Will need to test, then he will release a 1.5, which we then need to update in epel and get on hosted. ;)
ok. I did some testing and applied a fixed version to hosted...
Till: Can you check and confirm that it seems fixed now?
If so, I will tell upstream to cut the 1.5 release. ;)
Replying to [comment:4 kevin]:
Thank you for the fast response, it looks good now.
Great.
Log in to comment on this ticket.