Anyone else experience this when using the back office across SSL?

Hi Thomas, 

I think you have to make a difference between two things the default umbraco logo that is loaded when an user logs in and after that when an emailhash is used to set the gravatar image. The first thing you could override in the umbraco.controllers.js file:

line 1174 & line 1193     $scope.avatar = "assets/img/application/logo.png"

After that this there is a check if the emailHash has been set, this is used to get the gravatar image, i think here you implement your own custom thing yourself?

if($scope.user.emailHash){ ...

line 1270: $scope.avatar = "http://www.gravatar.com/avatar/" + $scope.user.emailHash + ".jpg?s=64&d=mm"

Thanks for the reply Henk. This was my initial approach but the back office doesn't appear to handle the Gravatar image any differently:

    if($scope.user.emailHash){
        $timeout(function () {                
            //yes this is wrong.. 
            $("#avatar-img").fadeTo(1000, 0, function () {
                $timeout(function () {
                    //this can be null if they time out
                    /*if ($scope.user && $scope.user.emailHash) {
                        $scope.avatar = "https://www.gravatar.com/avatar/" + $scope.user.emailHash + ".jpg?s=64&d=mm";
                    }*/                     
                    //$scope.avatar = "https://www.gravatar.com/avatar/" + $scope.user.emailHash + ".jpg?s=64&d=mm";
                    $scope.avatar = "/media/logo.png";
                });
                $("#avatar-img").fadeTo(1000, 1);
            });

          }, 3000);  
    }

I had tried resetting the web service in IIS as well and touching the web.config file but do not see any changes from the default Gravatar image. Notice in the commented out lines I had tried to load the standard image over HTTPS but its as if the updated JS does not get recognized in the back office.

Seems to me it could be a caching issue in your browser? Maybe you could force a refresh of the controller js file to make sure its correctly loaded after your latest changes? To do this hit ctrl-f5 after being logged into your backoffice: http://[yourdomain]//umbraco/js/umbraco.controllers.js

After changing the controller file as mentioned above i could immediatly see the changes in the gravat, with your sample this would be:

line 1174& line 1193     $scope.avatar ="/media/logo.png";

Hope this will help you further...

I had a feeling it may have been a cacheing issue. I know I have tried explicitely reloading the umbraco.controllers.js file in my browser, but it didn't make a change on the calling page.

I will try to do a full cache reset on my browser tomorrow morning when I am in the office and see if that resolves it.

Thanks again!

I am not sure that it is a caching issue. I had tried clearing my cache and even switching browsers but am still not seeing any changes or results.

Hi Thomas,

Sorry to hear this, maybe its an idea to get the full umbraco.controllers.js file shared, so i can take a look into this file? Also it is possible to debug this file with the chrome browser developer tools (f12) (sources tab) and than find the js file to debug. Than place breakpoint on the different lines mentioned above. So you can find out what exactly happens.

I had briefly attempted to debug it this way Henk, but couldn't find the umbraco.controllers.js resource in the Sources tab. Screenshot below:

Hi Thomas,

I checked it and you are right, you cant find the file because its generated by the dependencyhandler, maybe this is also why its difficult to clear the cache. I could find the code looking into this dependencyhandler see screen below and place a breakpoint. And with mouse over look for some values. 

Hmmm, looks like DependencyHandler.axd is not reading the updated JavaScript. I still see the old Gravatar URL code contained here. I have tried loading just the DependencyHandler.axd resource (which has a long unique querystring) in a new tab and tried refreshing/reloading the resource, but it does not seem to take into consideration the changes that were made to the umbraco.controllers.js file.

Is there a way to refresh the .axd resource? I've tried touching the web.config and restarting the webserver to no avail.

Maybe by deleting the ClientDependency folder in App_Data\TEMP you can force this. Also make sure you have write permissions set on this folder.

Eureka! Thanks Henk, that did the trick.

Hmmm, having the same problem here. Running Umbraco 7.1.6 on https, with umbracoUseSSL set to true. Clearing the App_Data clientdepencies does not solve it for me :-( Any other ideas?

Hi Marcel!

Did you make the change to the umbraco.controllers.js file? See earlier in this thread where I mentioned the line numbers you may need to change to point the image source to an alternate image. I replaced that string with an on-site image using absolute pathing to share the HTTPS protocol.

Once that change is in place, clear App_Data and then touch the web.config to see if that resolves it for you. Maybe clear your browser cache too in case that is the culprit.

Ai! Thanks Tomas, I missed that change!

Hey NPTUser,

If you look back in this thread, we discussed where to make changes in the respective javascript files. You can hardcode an image path located on your own web server as opposed to Gravatar, which was the same case in my circumstance.

Be sure to clear your cache and empty the ClientDependency folder in App_Data\TEMP as mentioned by Henk. Might not hurt to touch the web.config too.

Thanks Thomas, that worked a treat.
As our development area is behind a security firewall, this has been one of the first hurdles I have had to address, so many thanks for posting this solution.

Absolutely, glad it worked!

Why the Avatar is not downloaded by secure HTTPS, but by insecure http?

Gravatar.com works on https.

Even if website runs on http, Gravatar image should be got using https.

Always use https if available.

To update, the line numbers in umbraco.controllers.js to change are 99-125. I just comment out the whole section.

My vote would definitely be for a config option to choose the image in the top left (which would then not use gravatar if specified).

None of my CMS users have a gravatar (I can see it's more useful for comments on a blog), and I've secured my site with the Content-Security-Policy header so I don't want to have to add gravatar.com to the policy when it's not even used.

This still seems to be an annoying issue. Just deployed Umbraco 7.12.1 into a very secure Azure setup (highly firewalled) and our Users page took over 3 minutes to load for only 20 users.

Looking at the code in \src\Umbraco.core\Models\UserExtensions.cs I saw that the API GetUserAvatarUrls returns instantly if you set the avatar for the user to "none", otherwise times out after 10 seconds PER USER.

update [UmbracoUser] set avatar = 'none'

Problem solved, the users page now loads instantly. Obviously not a perfect solution as I suspect new users will be created with the column set to NULL which will cause a 10 second timeout. However, our user community change is low so we'll work with this.

Would be very nice to have a config setting to stop Gravatar calls from the Umbraco backoffice.

is working on a reply...