Gravatars in Admin User Overview

Hey

First of all - I love this project. I’ve been using it for quite a while now, and with the self-hosted password manager I was able to convince my security insensible family to start to use one. You’re doing an amazing job.

I was wondering if not showing the gravatar images in the admin panel is a bug or a deliberate decision?

I just wanted to ask before opening an issue or feature request.

kind regards, Chris

If they’re not showing up, it’s probably because you’re not accessing the admin page over HTTPS.

It’s what @jjlin mentioned. Or you have a custom CSP configured which blocks some JavaScript from being executed.

Oh, interesting. It is secured with TLS and I did not configure any custom CSP. Inside of the vault they do show up normally.

EDIT: Added my support string for more context.
EDIT2: Just to be clear - The Identicon is showing fine. I’m talking about the gravatar.com image.

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.23.0
  • Web-vault version: v2.23.0c
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Environment settings which are overridden: SIGNUPS_ALLOWED, ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*********.*****.****",
  "domain_origin": "*****://*********.*****.****",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "*********@*****.****",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/bitwarden.log",
  "log_level": "warn",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "*****.****",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Login",
  "smtp_debug": false,
  "smtp_explicit_tls": true,
  "smtp_from": "*********@*****.****",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****.******.**",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*********@*****.****",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

There are no Gravatar icons within the admin. So not sure to which icons you are referring.

That is what I thought… I was so confused by your answers. They suggested I made a mistake so I started reading the source code for where they might be loaded but couldn’t find anything.

I was basically asking if this feature is already implemented and it just doesn’t work for me (which I now know it’s not) - or if you decided to not include it → Else I would like to suggest a feature request…

I hope that clears it up a bit…

Anyways… I’m very sorry for the confusion…:sweat_smile:

No Gravatar for the admin panel. And I personally wouldn’t want that either. For one, it’s just an admin panel. Second, it will disclose accounts used.

Yeah, that was basically the answer I was waiting for :slight_smile: thanks