Hello! I have a Discourse installation that should only be used over HTTPS. However, since we also serve that forum on a Tor hidden service, we cannot use the “force HTTPS” checkbox in the options menu.
This is normally all well and good, except the Wordpress plugin gets an http url for the “avatar_template” value. I believe this is because discourse/app/serializers/post_wordpress_serializer.rb (and the other wordpress-related serializers) use UrlHelper.absolute object.user.avatar_template. This calls Discourse.base_url_no_prefix if a CDN is not configured (which is not on our site.) As such, the Wordpress plugin attempts to fetch (and embeds) the avatars over HTTP, which is less than ideal. I’m not terribly well versed in Ruby, so if this is completely incorrect I apologize. I can say for certain, however, that the API response from wordpress.json has a value of "avatar_template":"http://forums.whonix.org/letter_avatar_proxy/v2/letter/m/d2c977/{size}.png" even though we have the Discourse URL value in the Wordpress plugin settings as “https://forums.whonix.org”
I’m not sure if this is a bug in Discourse or the Wordpress plugin (or perhaps both) but I thought I would post it here. Please redirect me to the appropriate location if this is not it.
If you need additional details, please let me know.