View Issue Details

IDProjectCategoryView StatusLast Update
0022689mantisbtbugtrackerpublic2017-04-30 14:48
ReportervboctorAssigned Tovboctor 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.2.2 
Target Version2.4.0Fixed in Version2.4.0 
Summary0022689: HTTP_X_FORWARDED_PROTO is not honored when loading Gravatar
Description

When MantisBT is behind a proxy or load balancer, the URL is https, but MantisBT still loads Gravatar images via http which is incorrect and causes the browser to remove the security lock.

TagsNo tags attached.

Activities

Related Changesets

MantisBT: master 233b5e58

2017-04-07 00:06:15

vboctor

Details Diff
Honor HTTP_X_FORWARDED_PROTO for Gravatar

When behind a proxy/load balancer and HTTP_X_FORWARDED_PROTO indicates
that MantisBT is accessed via https, make sure all resources are loaded via https.

Fixes 0022689
mod - core/http_api.php Diff File

Issue History

Date Modified Username Field Change
2017-04-07 00:02 vboctor New Issue
2017-04-07 00:02 vboctor Status new => assigned
2017-04-07 00:02 vboctor Assigned To => vboctor
2017-04-07 00:07 vboctor Note Added: 0056428
2017-04-16 02:37 vboctor Changeset attached => MantisBT master 233b5e58
2017-04-16 02:37 vboctor Status assigned => resolved
2017-04-16 02:37 vboctor Resolution open => fixed
2017-04-16 02:37 vboctor Fixed in Version => 2.4.0
2017-04-16 09:18 atrol Target Version => 2.4.0
2017-04-30 14:48 vboctor Status resolved => closed