Support Forum
I'm playing with a Simple:Press install on an SSL-secured site. It looks like all resources are being pulled down securely (i.e. with the https prefix) except for one - the gravatar image when you are logged on. For example, when I log in the following image is used in the top left corner:
http://www.gravatar.com/avatar.....p;rating=g
Since it's not secure (http instead of https), Chrome gives a warning about mixed content being on the page. I flushed caches, checked the forum settings and Gravatar settings and don't see a way to change it. I even tried the Gravatar cache plugin but then a new problem develops - a 404 error occurs presumably because a routing issue is preventing the IIS server from finding the resource. (FYI, if you change the cache file to use a file extension instead of being extensionless, this problem would disappear.)
You can see the issue for yourself at https://galleryserverpro.com/forum/.
Cheers!
Roger
interesting... not sure why the file extension would matter... and we have quite a few users with SSL and this has not been reported... in fact, we recently did an ssl sweep due to share this issue and this did not come up...
not saying you are not correct, just odd that it's not a global thing... or perhaps it's specific to IIS...
and we will have to investigate further...
Visit Cruise Talk Central and Mr Papa's World
The file extension issue is unrelated to SSL. To avoid confusion, I split that into another thread: Gravatar cache doesn't work well on IIS
You don't have to take my word for it on the mixed content warning. It is easy to repro the issue by going to https://galleryserverpro.com/forum and logging in (it supports several openauth providers so you can log in with your Google, Facebook, Twitter, or LinkedIn account). Once logged in and your gravatar image is shown, look at the source and notice the image is served as HTTP while the page is served as HTTPS.
and investigation is underway...
Any word on this? We are still having this issue on our site. Repro steps in the earlier posts still work.
Thanks!
Roger
we have not been able to reproduce yet (doesn't happen on our ssl test setup)... and still trying to understand how a file extension would make any difference... of course, our test site is not on IIS... and would like to understand why/how it's specific to IIS... is it just your server set up or any IIS.. unfortunately, such a small number of IIS users so hard to get data... not a good practice to 'fix' something for one instance without understanding any other implications...
We've recently moved our site to use SSL, and everything is working fine except for the forums.
They work - but the browser flags the pages as insecure because SimplePress is loading the gravatar over http instead of https.
Here is the error in Chrome:
Mixed Content: The page at 'https://www.rvmobileinternet.com/forum/' was loaded over HTTPS, but requested an insecure image 'http://www.gravatar.com/avatar/73c61c17d46e45ac2cd4a00b2bba5453?d=404&size=50&rating=g'. This content should also be served over HTTPS.
Any fix coming? Do I have to disable gravatars?
Thanks,
- Chris
PS: This has nothing to do with IIS. Our web host is Dreamhost, running Apache. SimplePress just needs to request the https:// instead of http:// image from Gravatar to fix this, I think
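A check for the mixed-content condition Chrome reports in the post above, written as an added example that is not part of the original thread and is not Simple:Press code. It scans a page's HTML for subresources that resolve to http:// on an HTTPS page and shows the https:// form; the sample page, the stylesheet path and the example.invalid host are constructed, and the https_url value is only a candidate that assumes the host serves HTTPS.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (URL attribute, how browsers classify it when mixed)
FETCHING = {"img": ("src", "passive"), "audio": ("src", "passive"),
            "video": ("src", "passive"), "script": ("src", "active"),
            "iframe": ("src", "active"), "link": ("href", "active")}

class _Scanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in FETCHING:
            return
        attr, kind = FETCHING[tag]
        a = dict(attrs)
        # <link> only fetches a subresource for stylesheets, not rel=canonical etc.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        raw = a.get(attr)
        if not raw:
            return
        # Resolve relative and protocol-relative ("//host/x") URLs like a browser.
        parts = urlsplit(urljoin(self.page_url, raw.strip()))
        if parts.scheme == "http":
            self.findings.append({"tag": tag, "kind": kind, "url": parts.geturl(),
                                  "https_url": parts._replace(scheme="https").geturl()})

def find_mixed_content(page_url, html):
    """Return insecure subresources referenced by an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    scanner = _Scanner(page_url)
    scanner.feed(html)
    return scanner.findings

# Constructed sample page; the Gravatar URL is the one from the Chrome message above.
SAMPLE = """<html><head>
<link rel="canonical" href="http://www.rvmobileinternet.com/forum/">
<link rel="stylesheet" href="/wp-content/forum.css">
<script src="//example.invalid/forum.js"></script>
</head><body>
<img src="http://www.gravatar.com/avatar/73c61c17d46e45ac2cd4a00b2bba5453?d=404&amp;size=50&amp;rating=g">
<img src="https://www.gravatar.com/avatar/0?d=404">
</body></html>"""

if __name__ == "__main__":
    for f in find_mixed_content("https://www.rvmobileinternet.com/forum/", SAMPLE):
        print(f"{f['kind']:7} <{f['tag']}> {f['url']} -> {f['https_url']}")
```

Only the http:// Gravatar image is reported: the canonical link is not a fetched subresource, and the relative and protocol-relative URLs inherit the page's https scheme.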
I thought we had a bug ticket open on this one but it appears to have fallen through the cracks somewhere. I will open one now and we will discuss tonight and let you know after that....
YELLOW SWORDFISH
we might be able to fix gravatars to always use https, but a bigger question would be why isn't it auto changing it to https???
It does for me on my test server... makes me wonder if the server is properly configured to use https/ssl...
have opened a ticket to just go ahead and force https in next version... should be no harm there...