“Specify avatar by URL” throwing security errors if linked from http

  • Resolved Sho-Down

    (@sho-down)


    8 years, 1 month ago

    You may want to include an option to disable just the avatar option “Specify avatar by URL” because members can paste an “http” url into the box and this throws security errors on your page if your website is SSL. If I turn off “Enable Custom Avatars” then members can’t upload their own avatar so it’d be nice to just be able to turn off “Specify avatar by URL”

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gVectors Team

    (@gvectors-team)

    8 years, 1 month ago

    Hi Sho-Down,
    Thank you for the suggestion. We’ll take this under consideration for future releases. The avatar URl is filtered and passed through esc_url() WordPress function. So it should be secure.

    Thread Starter Sho-Down

    (@sho-down)

    8 years, 1 month ago

    It’s not secure if the member inputs an “http” url instead of “https”, doing this causes mixed security warnings on the website. I thought I’d let you know.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘“Specify avatar by URL” throwing security errors if linked from http’ is closed to new replies.