You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When Zuul is configured to use an SSL connection, browsers have a warning icon over the SSL "lock" icon that indicates a secure connection on any page that includes a Gravatar image. When you click on the SSL warning icon for details, it says "...this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page...". I checked the console tab using Google Chrome developer tools, and it confirmed that the problem was being caused by HTML <img> elements that are referencing Gravatar images using "http://" in the src attribute instead of "https://". Gravatar supports both HTTP and HTTPS when referencing Gravatar avatar URLs, so fixing this issue is a simple matter of changing the code in Zuul to put "https://" in front of Gravatar avatar URLs instead of "http://".
Also, even if Zuul is set up without any SSL encryption, using HTTPS in the Gravatar links would still work just fine since the Gravatar images are on Gravtar's servers, so even if Zuul isn't using HTTPS, Gravatar images will still work when secured (even though running Zuul without any SSL set up would be HIGHLY inadvisable from a security perspective).
Screenshot of SSL Warning When Clicking On SSL Lock Warning Icon:
Screenshot of Chrome Developer Tools Console Showing References Causing Warning:
The text was updated successfully, but these errors were encountered:
When Zuul is configured to use an SSL connection, browsers have a warning icon over the SSL "lock" icon that indicates a secure connection on any page that includes a Gravatar image. When you click on the SSL warning icon for details, it says "...this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page...". I checked the console tab using Google Chrome developer tools, and it confirmed that the problem was being caused by HTML
<img>
elements that are referencing Gravatar images using "http://" in thesrc
attribute instead of "https://". Gravatar supports both HTTP and HTTPS when referencing Gravatar avatar URLs, so fixing this issue is a simple matter of changing the code in Zuul to put "https://" in front of Gravatar avatar URLs instead of "http://".Also, even if Zuul is set up without any SSL encryption, using HTTPS in the Gravatar links would still work just fine since the Gravatar images are on Gravtar's servers, so even if Zuul isn't using HTTPS, Gravatar images will still work when secured (even though running Zuul without any SSL set up would be HIGHLY inadvisable from a security perspective).
Screenshot of SSL Warning When Clicking On SSL Lock Warning Icon:
Screenshot of Chrome Developer Tools Console Showing References Causing Warning:
The text was updated successfully, but these errors were encountered: