View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0022689 | mantisbt | bugtracker | public | 2017-04-07 00:02 | 2017-04-30 14:48 |
Reporter | vboctor | Assigned To | vboctor | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.2.2 | ||||
Target Version | 2.4.0 | Fixed in Version | 2.4.0 | ||
Summary | 0022689: HTTP_X_FORWARDED_PROTO is not honored when loading Gravatar | ||||
Description | When MantisBT is behind a proxy or load balancer, the URL is https, but MantisBT still loads Gravatar images via http which is incorrect and causes the browser to remove the security lock. | ||||
Tags | No tags attached. | ||||
MantisBT: master 233b5e58 2017-04-06 20:06 Details Diff |
Honor HTTP_X_FORWARDED_PROTO for Gravatar When behind a proxy/load balancer and HTTP_X_FORWARDED_PROTO indicates that MantisBT is accessed via https, make sure all resources are loaded via https. Fixes 0022689 |
Affected Issues 0022689 |
|
mod - core/http_api.php | Diff File |