Flyspray - The bug killer!

  • Status Closed
  • Percent Complete
    100%
  • Task Type Bug Report
  • Category User Interface
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version 1.0-rc6
  • Due in Version 1.0
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray - The bug killer!
Opened by Thanatermesis - 29.10.2017
Last edited by peterdd - 15.07.2018

FS#2450 - Empty avatars appears like broken images

Hello,

I recently upgraded a very old version of flyspray, the avatars (and gravatar) are enabled, my profile includes an image which looks correctly (I had a problem with the transparency btw, so I used then a JPG version). But the users that doesn’t has avatar shows up like a broken image.

Example: http://bugs.elivecd.org/index.php?do=details&task_id=262&tasks=&due=33&status%5B0%5D=&order=dateopened&sort=asc&order2=lastedit&sort2=asc

Maybe when there’s no avatar for the users would be needed to show a generic image?

Thank you
Thanatermesis

Closed by  peterdd
15.07.2018 16:31
Reason for closing:  Fixed in devel
Project Manager
peterdd commented on 29.10.2017 17:59

Sorry, my fault. Added basic Content-Security-Policy headers (CSP) hardcoded for the 1.0-rc6 release.

But forgot www.gravatar.com as allowed img-src ...

Future plan is to have some functions for modifying the csp entries available within flyspray, but not done yet ..

Quickfix for your http:// page would be replacing img-src ‘self’
with img-src ‘self’ http://www.gravatar.com in header.php

pseudo code:

if (setting gravatar allowed){
   if(page request with SSL/TLS){
     img-src 'self' https://www.gravatar.com
   } else{
     img-src 'self' http://www.gravatar.com
   }
}

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing