[wp-trac] [WordPress Trac] #8988: When accessing admin dashboard
over https the use of gravatars makes the security appear broken
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 29 11:39:20 GMT 2009
#8988: When accessing admin dashboard over https the use of gravatars makes the
security appear broken
----------------------------+-----------------------------------------------
Reporter: Mossop | Owner: anonymous
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.7.1
Component: Administration | Version: 2.7
Severity: minor | Keywords:
----------------------------+-----------------------------------------------
I have FORCE_SSL_ADMIN and FORCE_SSL_LOGIN set to true for security
however because the gravatars in the recent comments on the dashboard are
requested over http it makes the security appear broken.
When accessing the dashboard over https I think it should either hide the
gravatars or just serve a generic image from the wordpress install itself
that could be served over https since gravatar doesn't seem to offer https
support.
--
Ticket URL: <http://trac.wordpress.org/ticket/8988>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list