Junio C Hamano wrote: >> Andrej Andb wrote: >>> --- a/gitweb/gitweb.perl >>> +++ b/gitweb/gitweb.perl >>> @@ -2068,7 +2068,7 @@ sub picon_url { >>> if (!$avatar_cache{$email}) { >>> my ($user, $domain) = split('@', $email); >>> $avatar_cache{$email} = >>> - "http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" . >>> + "//www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" . [...] > Intuitively it feels strange that the above lets the site that gave > you the base URL dictate over what scheme sites unrelated to it has > to serve their resources. The main effect is to slightly improve privacy. A man in the middle can still see the size of avatars and when you fetched them, but at least this way when you are using HTTPS they do not see the names of authors of commits you are looking at. It also avoids a mixed content warning. On the other hand, it hurts caching by proxies. Jonathan -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html