Load Avatars Securely Over HTTPS

  • Escape Creative

    (@escapecreative)


    13 years ago

    We are using BuddyPress 1.5.3 w/ WordPress 3.3.1. We’re using the “Who’s Online” sidebar widget, as well as displaying the “Logged In As” info in the sidebar (just like buddypress.org does).

    Our entire site is secured using an SSL cert, so every page is served over https. I can’t figure out how to load the avatar images over https.

    I was able to change some code to now display this:

    <img src="https://www.gravatar.com/avatar/47a335c022d687832bd9ee10783e2e12?d=https://www.copsacrossamerica.com/wp-content/plugins/buddypress/bp-themes/cops-across-america/images/user-badge-silhouette.png&s=50"...

    So the default ( ?d=… ) avatar would be displayed over https, but the uploaded avatar is still loaded unsecurely.

    According to gravatar.com, it can be done: https://en.gravatar.com/site/implement/images/#secure-images. I just can’t figure out how.

    Any ideas?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi.

    As a general point, you should upgrade to BuddyPress 1.5.5 asap. See https://buddypress.org/2012/03/buddypress-1-5-5/

    Specifically, the gravatar URLs should be using https:// URLs if the page containing the gravatar is accessed over https. Looking very quickly at the logic, there might be a couple of situations where this is faulty. Can you please create a bug report on https://buddypress.trac.www.ads-software.com/, and report this issue? I’ll check it out for you.

    Thread Starter Escape Creative

    (@escapecreative)

    Paul,

    Thanks for responding. And sorry for my much delayed response.

    When I updated to WordPress 3.4, it fixed the issue on its own. That’s the only thing I changed, and it started displaying them over https.

    I also just upgraded to BuddyPress version 1.5.6 (most recent).

    Thanks for your help,
    Dave

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Load Avatars Securely Over HTTPS’ is closed to new replies.

Tags