View Issue Details

IDProjectCategoryView StatusLast Update
0022689mantisbtbugtrackerpublic2017-04-30 14:48
Reportervboctor Assigned Tovboctor  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.2.2 
Target Version2.4.0Fixed in Version2.4.0 
Summary0022689: HTTP_X_FORWARDED_PROTO is not honored when loading Gravatar
Description

When MantisBT is behind a proxy or load balancer, the URL is https, but MantisBT still loads Gravatar images via http which is incorrect and causes the browser to remove the security lock.

TagsNo tags attached.

Activities

Related Changesets

MantisBT: master 233b5e58

2017-04-07 00:06:15

vboctor

Details Diff
Honor HTTP_X_FORWARDED_PROTO for Gravatar

When behind a proxy/load balancer and HTTP_X_FORWARDED_PROTO indicates
that MantisBT is accessed via https, make sure all resources are loaded via https.

Fixes 0022689
Affected Issues
0022689
mod - core/http_api.php Diff File