Re: [PATCH] remove protocol from gravatar and picon links for clear if Gitweb is being called through a secure server

Jonathan Nieder <jrnieder@xxxxxxxxx> writes:

> (cc-ing some area experts)
> Hi Andrej,
>
> Andrej Andb wrote:
>
>> [Subject: remove protocol from gravatar and picon links for clear if
>> Gitweb is being called through a secure server]
>
> Sounds good to me.  May we have your signoff?  (See
> Documentation/SubmittingPatches for what this means.)
>
> Thanks,
> Jonathan
> (patch left unsnipped for reference)
>
>> ---
>>  gitweb/gitweb.perl | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
>> index c6bafe6..1309196 100755
>> --- a/gitweb/gitweb.perl
>> +++ b/gitweb/gitweb.perl
>> @@ -2068,7 +2068,7 @@ sub picon_url {
>>  	if (!$avatar_cache{$email}) {
>>  		my ($user, $domain) = split('@', $email);
>>  		$avatar_cache{$email} =
>> -			"http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/"; .
>> +			"//www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" .
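
Review bot: in picon_url, the scheme-relative string "//www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" makes the avatar request follow whatever scheme the gitweb page itself was served over, so on an https page the image loads only if that external host answers over https, and on an http page it is still fetched in the clear. The commit message should say whether the host was checked over https. If it was, writing "https://" explicitly would be simpler and would also cover http-served pages; if it was not, the scheme is better left to a configuration setting than inherited from the base URL. The diffstat lists 2 insertions and 2 deletions but only this picon hunk is visible here, so the same point applies to the gravatar change named in the subject.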

Hrmph.  Is that even a valid URL to refer to that external site from
a https://my.site/some/where/ base URL?  I wouldn't be surprised if
browsers allowed it, but I do not recall seeing such a use in RFCs.

Intuitively it feels strange that the above lets the site that gave
you the base URL dictate over what scheme sites unrelated to it have
to serve their resources.

