[openstreetmap/openstreetmap-website] gravatar / user image should only be available to authenticated users (#1631)
Simon Poole
notifications at github.com
Tue Jul 28 12:30:13 UTC 2020
This issue is still festering (and should have been resolved a long time ago). There is a further angle in that we leak relevant data to gravatar because we show gravatar images for friends and nearby users for logged in users even if they themselves have gravatar support disabled.
If @gravitystorm and @tomhughes agree, the correct way to fix this is to only show (and query) gravatar images for:
a) logged in users, that
b) have gravatar support enabled (in this case we can actually argue that it is their own fault).
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1631#issuecomment-665010979
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20200728/a01ec07e/attachment.htm>
More information about the rails-dev
mailing list