Valid hash with a forced default option redirects to an invalid page
A request for a valid hash such as 4751ed9aae86881d2b45dd0512c3e14a
with a invalid default such as unicorn
works fine unless the forcedefault option is used. In this case ivatar redirects to an invalid page using unicorn
as the hash.
A request for an invalid hash with an invalid forced default correctly returns nobody.png.
Example:
$ curl -i "https://libravatar-stg.fedorainfracloud.org/avatar/4751ed9aae86881d2b45dd0512c3e14a?d=unicorn&f=y"
HTTP/1.1 302 Found
Date: Tue, 19 Feb 2019 15:44:44 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Location: unicorn
Content-Length: 0
Vary: Accept-Language,Cookie
Content-Language: en
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8