Bug 1127353 - Pinging gravatar.com server might be unsavory for customers in secure environments.
Summary: Pinging gravatar.com server might be unsavory for customers in secure environ...
Keywords:
Status: CLOSED DUPLICATE of bug 1092591
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI
Version: 6.0.3
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: Unspecified
Assignee: Ohad Levy
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-06 18:02 UTC by Corey Welton
Modified: 2017-02-23 21:08 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-06 18:15:09 UTC


Attachments (Terms of Use)

Description Corey Welton 2014-08-06 18:02:09 UTC
Description of problem:
In general, we have gravatar turned off, etc., but it appears that we still ping gravatar.com for a stock user icon.  This could be problematic for customers in secure environments.  It looks like there is an "onerror" param to possibly populate if required resource cannot be reached, but I don't think customers in isolated environments would like attempts to ping things outside their environment.

Version-Release number of selected component (if applicable):

Satellite-6.0.4-RHEL-6-20140730.0

How reproducible:


Steps to Reproduce:
1. Login to server
2. View source


Actual results:

  <a href="#" class="dropdown-toggle" data-id="aid_not_defined" data-toggle="dropdown" id="account_menu"><img alt="Change your avatar at gravatar.com" class="avatar small" onerror="this.src=&#x27;/assets/user-c684a0655d613a29a3047ff214c3303a.jpg&#x27;" src="https://secure.gravatar.com/avatar/9197d16c849917a9972736fbeb9d2dbd?d=mm&amp;s=30" />Admin User <span class="caret"></span></a>

Expected results:

Should not ping, or attempt to ping, third party content, per customers on secure/isolated environments.

Additional info:

Comment 3 Corey Welton 2014-08-06 18:15:09 UTC

*** This bug has been marked as a duplicate of bug 1092591 ***


Note You need to log in before you can comment on or make changes to this bug.