[bug 932300] Fix mixed-content issues with Gravatars

kitsune/users/helpers.py

@@ -31,12 +31,15 @@ def profile_avatar(user, size=48):
         avatar = (profile.avatar.url if profile and profile.avatar else
                   settings.STATIC_URL + settings.DEFAULT_AVATAR)
 
+    if avatar.startswith('//'):
+        avatar = 'https:%s' % avatar
+
     if user and hasattr(user, 'email'):
         email_hash = hashlib.md5(user.email.lower()).hexdigest()
     else:
         email_hash = '00000000000000000000000000000000'
 
-    return '//www.gravatar.com/avatar/%s?s=%s&d=%s' % (
+    return 'https://secure.gravatar.com/avatar/%s?s=%s&d=%s' % (
         email_hash, size, urllib.quote(avatar))
 
 

kitsune/users/tests/test_helpers.py

@@ -24,20 +24,20 @@ def test_profile_url(self):
     def test_profile_avatar_default(self):
         profile(user=self.u)
         email_hash = hashlib.md5(self.u.email.lower()).hexdigest()
-        gravatar_url = '//www.gravatar.com/avatar/%s?s=48&d=%s' % (
+        gravatar_url = 'https://secure.gravatar.com/avatar/%s?s=48&d=%s' % (
             email_hash, settings.STATIC_URL + settings.DEFAULT_AVATAR)
         eq_(gravatar_url, profile_avatar(self.u))
 
     def test_profile_avatar_anonymous(self):
         email_hash = '00000000000000000000000000000000'
-        gravatar_url = '//www.gravatar.com/avatar/%s?s=48&d=%s' % (
+        gravatar_url = 'https://secure.gravatar.com/avatar/%s?s=48&d=%s' % (
             email_hash, settings.STATIC_URL + settings.DEFAULT_AVATAR)
         eq_(gravatar_url, profile_avatar(AnonymousUser()))
 
     def test_profile_avatar(self):
         profile(user=self.u, avatar='images/foo.png')
         email_hash = hashlib.md5(self.u.email.lower()).hexdigest()
-        gravatar_url = '//www.gravatar.com/avatar/%s?s=48&d=%s' % (
+        gravatar_url = 'https://secure.gravatar.com/avatar/%s?s=48&d=%s' % (
             email_hash, settings.MEDIA_URL + 'images/foo.png')
         eq_(gravatar_url, profile_avatar(self.u))