Closed Erisa closed 4 years ago
@Erisa hey :wave: Can confirm that this is a bug but a very minor one :) Don't think it would make sense to change how we serve gravatar links across the system just for this case, but think it would be a plausible workaround to handle them locally in slack integration service and transform protocol-less gravatar urls to https
ones.
@kevinansfield maybe you have an opinion on this since you've done the most with URL handling?
@gargol protocol-relative URLs can be a bit of a pain because they are technically "invalid" when parsing without additional context and can fail when used in non-browser contexts such as webhooks.
I'd be in favour of using https
for gravatar URLs everywhere, there's no downside as far as I'm aware 🤔 We originally switched to protocol-relative because using http
resulted in mixed-content warnings but https is likely a better default.
Awesome. Switching to https
would be a perfect solution then :+1:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Issue Summary
If you have an author with an unset avatar that is handled by Gravatar, the sent webhook has no protocol for the author avatar URL, instead using
//www.gravatar.com
.Looking into it, this appears to be a deliberate choice to use "relative protocol" links for Gravatar URLs. Slack handles this without error however the authors avatar is never displayed in the webhooks attachment. On Discord, this errors with 400 Bad Request and the webhook is never sent.
To Reproduce
For Slack:
For Discord:
/slack
to it and set it up as a Slack webhook in Ghost.ghost log
.Here's the error I get doing it for Discord, with the webhook token redacted:
It's interesting that despite the webhook url having
/slack
appended, the warn in that response doesn't show it. Doesn't appear related though.The raw JSON it was trying to send:
Technical details: