Insecure call out to wp.com for gravatar over https://

  • Hi there,

    I see a single call out on page load that is insecure to https://i1.wp.com/disable_gravatar_buddypress

    Is there a way to force this to be https (I’m comfortable doing a quick change to plugin code if you can show me what to change)

    I’m also curious whether there’s a way to prevent this call as well.

    The entire site is served over https, so this generates mixed content warnings in the browser

    thx

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Marcus (aka @msykes)

    (@netweblogic)

    This plugin only changes the gravatar endpoint in the url, not the protocol, so I think first you need to check your avatars before the plugin is active and make sure they’re https.

    I’ve added some functionality to let you add your own avatar image, avoiding gravatar entirely, will put that up in the coming weeks when time permits.

    Thread Starter technologypoet

    (@technologypoet)

    Thanks for your response. Avoiding gravatar altogether would be amazing. I’d love to use either buddypress avatar if available, or if not fal back to a loca to domain avatar I can specific.

    Plugin Author Marcus (aka @msykes)

    (@netweblogic)

    It should already default to BP avatars (again, we only replace the gravatar url if that’s the avatar url we’re provided by WP), which is why our plugin should also work with other plugins that allow you to choose a custom avatar as well.

    Thread Starter technologypoet

    (@technologypoet)

    Yes when I use the buddypress setting on your plugin it does show buddypress avatar correctly. I’m truly mystified by where this insecure avatar call to WordPress is coming from. I’ll keep digging.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Insecure call out to wp.com for gravatar over https://’ is closed to new replies.