Support » Plugin: Gravatar Shortcode » Needs to support HTTPS

  • Currently the plugin is hard coded to use http:// causing mixed content warnings on pages that use https://.

    Could you possibly update the plugin to use is_ssl() to detect the current page scheme? I have a patch if you need it. It includes adding $scheme to the list of supported HTML attributes:

    // Supported HTML attributes for the IMG tag
            $alt    = $alt ?    ' alt="'    . esc_attr( $alt    ) . '"' : '';
            $title  = $title ?  ' title="'  . esc_attr( $title  ) . '"' : '';
            $align  = $align ?  ' align="'  . esc_attr( $align  ) . '"' : '';
            $style  = $style ?  ' style="'  . esc_attr( $style  ) . '"' : '';
            $class  = $class ?  ' class="'  . esc_attr( $class  ) . '"' : '';
            $id     = $id ?     ' id="'     . esc_attr( $id     ) . '"' : '';
            $border = $border ? ' border="' . esc_attr( $border ) . '"' : '';
            $scheme = is_ssl() ? 'https://' : 'http://';

    And then making sure to replace the http:// in the img tag with $scheme

    https://wordpress.org/plugins/gravatar-shortcode/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Why not just add a letter s after http?

    	// Send back the completed tag
    	return '<img src="https://www.gravatar.com/avatar/' . md5( trim( strtolower( $email ) ) ) . '.jpg?s=' . $size . $rating . $default . '" width="' . $size . '" height="' . $size . '"' . $alt . $title . $align . $style . $class . $id . $border . ' />';
    }

    Kind regards,

    • This reply was modified 2 years, 3 months ago by  Mic Sumner.

    @xmic,

    Usually it’s ideal to make the external requests match the scheme the page is loaded in. This way if the site using this uses HTTP, the images are http, while if it’s HTTPS, it’ll follow suit.

    @cklosows,

    I understand that it used to be the case that http stuff work best on http, and https stuff used not to work best on http. But it seems to be that it’s okay now and in fact encouraged.

    I got my info from here:
    https://www.paulirish.com/2010/the-protocol-relative-url/

    If the asset you need is available on SSL, then always use the https:// asset.

    Kind regards,

    return '<img src="//www.gravatar.com/avatar/' . md5( trim( strtolower( $email ) ) ) . '.jpg?s=' . $size . $rating . $default . '" width="' . $size . '" height="' . $size . '"' . $alt . $title . $align . $style . $class . $id . $border . ' />';

    you should use // and it will take the scheme automatically.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Needs to support HTTPS’ is closed to new replies.