The default option is not respected anymore (#45) · Issues · Oliver Falk / ivatar

The default option is not respected anymore

A request for a random, non-existing hash such as one generated with sha256 -qs invalid$RANDOM with a default of 404 or retro or any other valid value for this option is now ignored. Instead ivatar redirects to /gravatarproxy/...?s=80, then on /avatar/...?s=80&forcedefault=y and finally redirects to nobody.png.

Perhaps all options should be passed instead of just the size ? I tested the same request with a non-default size and it was passed on as expected.

Example:

$ curl -iL "https://libravatar-stg.fedorainfracloud.org/avatar/$(sha256 -qs invalid$RANDOM)?d=404"     
HTTP/1.1 302 Found
Date: Tue, 19 Feb 2019 16:00:56 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Location: /gravatarproxy/985993fa4f05b8195da128cbf86c6fb1d6c2fbcbf3861865d93fd214aacce2f0?s=80
Content-Length: 0
Vary: Accept-Language,Cookie
Content-Language: en
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8

HTTP/1.1 302 Found
Date: Tue, 19 Feb 2019 16:00:56 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Location: /avatar/985993fa4f05b8195da128cbf86c6fb1d6c2fbcbf3861865d93fd214aacce2f0?s=80&forcedefault=y
Content-Length: 0
Vary: Accept-Language,Cookie
Content-Language: en
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8

HTTP/1.1 302 Found
Date: Tue, 19 Feb 2019 16:00:57 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Location: /static/img/nobody/80.png
Content-Length: 0
Vary: Accept-Language,Cookie
Content-Language: en
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8

HTTP/1.1 200 OK
Date: Tue, 19 Feb 2019 16:00:57 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 14 Nov 2018 14:53:30 GMT
ETag: "9f4-57aa118f1484d"
Accept-Ranges: bytes
Content-Length: 2548
Content-Type: image/png

A request for a random, non-existing hash such as one generated with `sha256 -qs invalid$RANDOM` with a default of `404` or `retro` or any other valid value for this option is now ignored. Instead ivatar redirects to `/gravatarproxy/...?s=80`, then on `/avatar/...?s=80&forcedefault=y` and finally redirects to nobody.png.

Perhaps all options should be passed instead of just the size ? I tested the same request with a non-default size and it was passed on as expected.

Example:

```
$ curl -iL "https://libravatar-stg.fedorainfracloud.org/avatar/$(sha256 -qs invalid$RANDOM)?d=404"     
HTTP/1.1 302 Found
Date: Tue, 19 Feb 2019 16:00:56 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Location: /gravatarproxy/985993fa4f05b8195da128cbf86c6fb1d6c2fbcbf3861865d93fd214aacce2f0?s=80
Content-Length: 0
Vary: Accept-Language,Cookie
Content-Language: en
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8

HTTP/1.1 302 Found
Date: Tue, 19 Feb 2019 16:00:56 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Location: /avatar/985993fa4f05b8195da128cbf86c6fb1d6c2fbcbf3861865d93fd214aacce2f0?s=80&forcedefault=y
Content-Length: 0
Vary: Accept-Language,Cookie
Content-Language: en
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8

HTTP/1.1 302 Found
Date: Tue, 19 Feb 2019 16:00:57 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Location: /static/img/nobody/80.png
Content-Length: 0
Vary: Accept-Language,Cookie
Content-Language: en
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8

HTTP/1.1 200 OK
Date: Tue, 19 Feb 2019 16:00:57 GMT
Server: Apache/2.4.34 (Fedora) OpenSSL/1.1.0i-fips mod_wsgi/4.5.20 Python/3.6
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 14 Nov 2018 14:53:30 GMT
ETag: "9f4-57aa118f1484d"
Accept-Ranges: bytes
Content-Length: 2548
Content-Type: image/png
```

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.