View Issue Details

ID: 0021165
Project: mantisbt
Category: ui
View Status: public
Last Update: 2016-07-09 19:28
Reporter: atrol
Assigned To: vboctor
Priority: normal
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.3.0-rc.2
Target Version: 1.3.0
Fixed in Version: 1.3.0
Summary: 0021165: Using database configuration to enable gravatars does not work
Description

The CSP header looks like the following line if show_avatar is enabled in database using adm_config_report.php:

content-security-policy:"default-src 'self'; frame-ancestors 'none'; style-src 'self'; script-src 'self'"

In FF you will see no avatar images because of this.
The FF console shows the CSP violation.

Using Edge shows broken avatar images. (see screenshot)

Enabling gravatars using config_inc.php works as the CSP header looks like

content-security-policy:"img-src 'self' http://www.gravatar.com/";

I had a short look at the code. One problem seems to be that config_get and config_get_global are used to get the show_avatar setting.
So config_get might deliver 1 whereas config_get_global might deliver 0.

The first question is: Should we go on to allow gravatar configuration in database?
It allows us to enable/disable gravatars based on project and/or user.
We could add show_avatar to $g_global_settings if this functionality is not needed.

Tags: No tags attached.
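The two headers quoted in the description can be checked against a Gravatar image URL with a small policy evaluator. This is an added example, not part of the original report or MantisBT's code; it implements a simplified subset of CSP source matching, and the page origin and avatar URL are constructed sample values.

```javascript
// Simplified CSP source matching for images (host wildcards are not handled).
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none' and other keywords admit no remote image
  if (source === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  let expr;
  try { // a source without a scheme is matched using the page's own scheme
    expr = new URL(source.includes('://') ? source : `${new URL(pageOrigin).protocol}//${source}`);
  } catch {
    return false;
  }
  // An http: source also covers the https: form of the same host.
  const schemeOk = expr.protocol === url.protocol ||
    (expr.protocol === 'http:' && url.protocol === 'https:');
  // A source path ending in "/" is a prefix match; otherwise it must match exactly.
  const pathOk = expr.pathname.endsWith('/')
    ? url.pathname.startsWith(expr.pathname)
    : url.pathname === expr.pathname;
  return schemeOk && expr.hostname === url.hostname && expr.port === url.port && pathOk;
}

function imageAllowed(header, imageUrl, pageOrigin) {
  const directives = parseCsp(header);
  // img-src falls back to default-src; with neither present, images are unrestricted.
  const sources = directives.get('img-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(imageUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Headers as quoted in the report; the origin and avatar URL are constructed samples.
const PAGE_ORIGIN = 'http://mantis.example';
const AVATAR_URL = 'http://www.gravatar.com/avatar/00000000000000000000000000000000';
const DB_CONFIG_HEADER = "default-src 'self'; frame-ancestors 'none'; style-src 'self'; script-src 'self'";
const FILE_CONFIG_HEADER = "img-src 'self' http://www.gravatar.com/";

console.log('database config:', imageAllowed(DB_CONFIG_HEADER, AVATAR_URL, PAGE_ORIGIN));
console.log('config_inc.php :', imageAllowed(FILE_CONFIG_HEADER, AVATAR_URL, PAGE_ORIGIN));
```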

Relationships

related to 0021164 (closed, syncguru): CSP headers are no longer sent when using current master branch

Activities

atrol (developer), 2016-06-27 10:53

EdgeAvatarsCSP.PNG (13,767 bytes)

vboctor (manager), 2016-06-29 23:56, note ~0053484

PR: https://github.com/mantisbt/mantisbt/pull/808

Related Changesets

MantisBT: master-1.3.x d9ea9992

2016-06-29 23:55:06

vboctor

show_avatar config in db doesn't work

Fixes 0021165
mod - plugins/Gravatar/Gravatar.php

MantisBT: master 1ee1fa6b

2016-06-29 23:55:06

vboctor

show_avatar config in db doesn't work

Fixes 0021165
mod - plugins/Gravatar/Gravatar.php

Issue History

Date Modified Username Field Change
2016-06-27 10:53 atrol New Issue
2016-06-27 10:53 atrol File Added: EdgeAvatarsCSP.PNG
2016-06-27 10:54 atrol Severity minor => major
2016-06-27 10:54 atrol Relationship added related to 0021164
2016-06-29 23:56 vboctor Assigned To => vboctor
2016-06-29 23:56 vboctor Status new => assigned
2016-06-29 23:56 vboctor Product Version => 1.3.0-rc.2
2016-06-29 23:56 vboctor Note Added: 0053484
2016-06-30 21:35 vboctor Changeset attached => MantisBT master-1.3.x d9ea9992
2016-06-30 21:35 vboctor Status assigned => resolved
2016-06-30 21:35 vboctor Resolution open => fixed
2016-06-30 21:35 vboctor Fixed in Version => 1.3.0
2016-06-30 21:36 vboctor Changeset attached => MantisBT master 1ee1fa6b
2016-06-30 21:37 vboctor Category security => ui
2016-07-09 19:28 vboctor Status resolved => closed