On Sun, Jul 1, 2018 at 4:24 PM Barak Korren <bkor...@redhat.com> wrote:
> On 1 July 2018 at 15:41, Nir Soffer <nsof...@redhat.com> wrote:
>
>> After watching Sarah Bird's great talk about the terrifying web[1], I
>> found that for some reason 3rd party cookies were enabled in my browser.
>>
>> After disabling them, I found that gerrit is using 3rd party cookies from
>> gravatar.com.
>> (see attached screenshot).
>>
>> Why do we allow 3rd parties like gravatar to set cookies?
>
> We don't "allow" 3rd parties. For a 3rd party to be able to set cookies on
> your site you need to have some elements on your page that make the browser
> pull content from them. In the case of Gravatar what we have are <img> tags
> with "src" attributes that contain URLs that point to Gravatar and contain
> one-way hashes of user email addresses. Those URLs resolve to the users'
> avatars if they registered their emails with Gravatar.
>
> This is just how Gravatar works - it's very simple and reliable, to have it
> work differently would require complex and fragile server-side code on our
> side and would probably be prone to more security issues than the current
> system.
>
> The only 3rd-party we engage currently is Gravatar, I've no reason to
> believe they engage in any sort of tracking. The maintainers of Gravatar are
> also the maintainers of Wordpress, one of the bigger open-source
> poster-child projects, which is all about people hosting their own stuff
> rather than catering to the requirements of proprietary gate-keepers like
> Facebook and GitHub (Now Microsoft...)...
>
> Bottom line, I've strong reason to believe this is a false alarm.

Why not ask gravatar about this?

>> Can we use gravatar without setting cookies?
>
> This looks like a simple session cookie, try to log out of your account on
> Gravatar and see if it vanishes...

I'm not logged in to gravatar.

>> [image: Screenshot from 2018-07-01 15-31-37.png]
>> [1] https://il.pycon.org/2018/schedule/presentation/18/
>>
>> Nir
>>
>> _______________________________________________
>> Devel mailing list -- devel@ovirt.org
>> To unsubscribe send an email to devel-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
>> List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/H5RSJINV7WKJMWGF7NJ5SJZJJDP7MJZS/
>
> --
> Barak Korren
> RHV DevOps team, RHCE, RHCi
> Red Hat EMEA
> redhat.com | TRIED. TESTED. TRUSTED. | redhat.com/trusted
_______________________________________________
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/SALXKEISIXUYZMUIGGZSPNKXTZDZ4J67/
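
The point made in the thread, that a third party can only set cookies when the page contains elements that make the browser fetch content from it, can be checked by auditing a page's markup. The following is an added example, not part of the original thread or of Gerrit's code; the page URL and avatar hashes are constructed placeholders, and hosts are compared exactly rather than by registrable domain as browsers do.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes a browser fetch a subresource on page load.
FETCHING_ATTRS = {"img": "src", "script": "src", "iframe": "src",
                  "embed": "src", "video": "src", "audio": "src"}

class ThirdPartyAudit(HTMLParser):
    """Collect subresource URLs whose host differs from the page's host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, third-party host, absolute URL)

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        absolute = urljoin(self.page_url, value)
        host = urlsplit(absolute).hostname  # None for data: URLs
        # Assumption: exact host match stands in for a public-suffix-list check.
        if host and host != self.page_host:
            self.findings.append((tag, host, absolute))

def third_party_hosts(page_url, html):
    """Return {host: [tag, ...]} for each third-party host the page pulls from."""
    audit = ThirdPartyAudit(page_url)
    audit.feed(html)
    hosts = {}
    for tag, host, _url in audit.findings:
        hosts.setdefault(host, []).append(tag)
    return hosts

# Constructed sample page; the site host and the hashes are placeholders.
SAMPLE_PAGE_URL = "https://gerrit.example.org/c/1234"
SAMPLE_HTML = """
<img src="/static/logo.png">
<img src="https://www.gravatar.com/avatar/00000000000000000000000000000000?s=32">
<img src="//www.gravatar.com/avatar/11111111111111111111111111111111?s=32">
<script src="https://gerrit.example.org/app.js"></script>
<a href="https://example.com/">a link is not fetched automatically</a>
"""

if __name__ == "__main__":
    print(third_party_hosts(SAMPLE_PAGE_URL, SAMPLE_HTML))
```

Every host reported here receives a request on page load and can answer with a `Set-Cookie` header; whether the browser stores that cookie depends on its third-party cookie setting.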