You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is related to #17 and #18. The code to display connection avatars uses set_url_scheme, which changes the scheme based off of the current site configuration. However, in many cases that would mean that the avatar is downgraded to HTTP when HTTPS is available, or even in the case of Google's avatars where a non-SSL version is not available.
I would propose instead that the following logic:
If the avatar is HTTPS, keep the URL unchanged.
If the avatar is HTTP, add a filter or other method to allow services to declare SSL should be forced. If this is set to true, set the schema to HTTPS.
If the service did not opt in, use the current logic.
Happy to contribute a PR if desired.
The text was updated successfully, but these errors were encountered:
This is related to #17 and #18. The code to display connection avatars uses
set_url_scheme, which changes the scheme based off of the current site configuration. However, in many cases that would mean that the avatar is downgraded to HTTP when HTTPS is available, or even in the case of Google's avatars where a non-SSL version is not available.I would propose instead that the following logic:
Happy to contribute a PR if desired.
The text was updated successfully, but these errors were encountered: