Gravatars in Admin User Overview


first of all - I love this project. I’ve been using it for quite a while now and with the self hosted passwordmanager I was able to convince my security insensible family to start to use one. You’re doing an amazing job.

I was wondering if not showing the gravatar images in the admin panel is a bug or a deliberate decision?

I just wanted to ask before opening an issue or feature request.

kind regards, Chris

If they’re not showing up, it’s probably because you’re not accessing the admin page over HTTPS.

It’s what @jjlin mentioned. Or your have a custom CSP configured which blocks some JavaScript from being executed.

Oh, interesting. It is secured with TLS and I did not configure any custom CSP. Inside of the vault they do show up normally.

EDIT: Added my support string for more context.
EDIT2: Just to be clear - The Identicon is showing fine. I’m talking about the image.

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.23.0
  • Web-vault version: v2.23.0c
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: SIGNUPS_ALLOWED, ADMIN_TOKEN

  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*********.*****.****",
  "domain_origin": "*****://*********.*****.****",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "*********@*****.****",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/bitwarden.log",
  "log_level": "warn",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "*****.****",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Login",
  "smtp_debug": false,
  "smtp_explicit_tls": true,
  "smtp_from": "*********@*****.****",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****.******.**",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*********@*****.****",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null

There are no Gravatar icons within the admin. So not sure to which icons you are referring.

That is what I thought… I was so confused by your answers. They suggested I made a mistake so I started reading the source code for where they might be loaded but couldn’t find anything.

I was basically asking if this feature is already implemented and it just doesn’t work for me (which I now know it’s not) - or if you decided to not include it → Else I would like to suggest a feature request…

I hope that clears it up a bit…

Anyways… I’m very sorry for the confusion…:sweat_smile:

No Gravatar for the admin panel. And i personally wouldn’t want that either. For one, it’s just an admin panel. Second, it will disclose accounts used.

1 Like

Yeah, that was basically the answer I was waiting for :slight_smile: thanks