Libravatar (obsolete)

CORS support for libravatar when redirecting to gravatar

Bug #1538405 reported by TheSkorm on 2016-01-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Libravatar (obsolete)	Fix Released	Low	François Marier

Bug Description

CORS appears to be working on the CDN for images on Libravatar however when Libravatar redirects to a Gravatar the Libravatar server doesn't send the CORS header.

For example the first CURL request shows the redirect to Gravatar not having CORS while the second request does.

MacBook-Pro:~ mwheeler$ curl -v https://seccdn.libravatar.org/avatar/b5ce4c7d01e08fd8c67ef06fc36ca373
* Trying 162.242.174.121...
* Connected to seccdn.libravatar.org (162.242.174.121) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: seccdn.libravatar.org
* Server certificate: StartCom Class 1 Primary Intermediate Server CA
* Server certificate: StartCom Certification Authority
> GET /avatar/b5ce4c7d01e08fd8c67ef06fc36ca373 HTTP/1.1
> Host: seccdn.libravatar.org
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Wed, 27 Jan 2016 05:28:30 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000; includeSubdomains
< Cache-Control: max-age=86400
< Location: https://secure.gravatar.com/avatar/b5ce4c7d01e08fd8c67ef06fc36ca373.jpg?r=g&s=80&d=https://seccdn.libravatar.org/nobody/80.png
< Content-Length: 1
< Content-Type: text/html; charset=iso-8859-1
<
* Connection #0 to host seccdn.libravatar.org left intact
MacBook-Pro:~ mwheeler$ curl -v https://seccdn.libravatar.org/avatar/8137eb7a15e817d86d9538af583b7300
* Trying 162.242.174.121...
* Trying 2a01:488:66:1000:523:f116::1...
* Immediate connect fail for 2a01:488:66:1000:523:f116::1: No route to host
* Trying 2001:4801:7822:103:be76:4eff:fe11:daba...
* Immediate connect fail for 2001:4801:7822:103:be76:4eff:fe11:daba: No route to host
* Connected to seccdn.libravatar.org (162.242.174.121) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: seccdn.libravatar.org
* Server certificate: StartCom Class 1 Primary Intermediate Server CA
* Server certificate: StartCom Certification Authority
> GET /avatar/8137eb7a15e817d86d9538af583b7300 HTTP/1.1
> Host: seccdn.libravatar.org
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 27 Jan 2016 05:28:46 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000; includeSubdomains
< Cache-Control: no-transform
< Last-Modified: Wed, 27 Jan 2016 05:15:54 GMT
< Accept-Ranges: bytes
< Content-Length: 2031
< Cache-Control: public
< Expires: Wed, 03 Feb 2016 05:28:46 GMT
< Access-Control-Allow-Origin: *

See original description

François Marier (fmarier) on 2016-01-27

Changed in libravatar:
status:	New → Triaged
assignee:	nobody → François Marier (fmarier)
importance:	Undecided → Low

François Marier (fmarier) on 2017-07-27

description:

updated

François Marier (fmarier) on 2017-07-27

Changed in libravatar:
status:	Triaged → Fix Committed

Revision history for this message

François Marier (fmarier) wrote on 2017-07-27:

I've added it to the Gravatar redirects and the default images.

Changed in libravatar:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.