Details
Description
Given that Folio runs with https/SSL/TLS like https://folio-demo.gbv.de/ .
Given that Settings / Users / Profile Pictures is enabled.
When I open the User Information section of the User details pane a 100x100 placeholder image is shown.
Expected: That placeholder image gets loaded from the installation site (like https://folio-demo.gbv.de/ ) and via https/SSL/TLS.
Actual: The placeholder image gets loaded from http://placehold.it/100x100 without encryption, causing the browser to warn about the security issue. It does not work if placehold.it is down or if I don't have internet access.
UserInfo.js contains http://placehold.it/100x100:
https://github.com/folio-org/ui-users/blob/ce6b09f02b9f20ad7cc5ce5d99a932bf4df310ed/lib/ViewSections/UserInfo/UserInfo.js#L103
Replace http://placehold.it/100x100 with a local image.
Notes
This is a regression, see UIU-35.
A pull request to change http to https when loading from placehold.it was rejected in May 2017: https://github.com/folio-org/stripes-components/pull/2
It was decided to use a local image: https://issues.folio.org/browse/STRIPES-360
Placehold.it has usage rules that allow using the images "from small sites or staging servers" but forbid "over 100,000 page views per month". Several FOLIO implementers exceed this limit.
The European Court of Justice held that dynamic IP addresses collected by a website owner qualify as personal information under EU privacy laws. Therefore FOLIO implementers need to list placehold.it in their records of processing activities as required by GDPR article 30. Please add a GDPR section to the ui-users README listing placehold.it to help them with this task until the placehold.it link has been replaced by a local image.
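A source check that would catch this regression before release, as an added example that is not part of the original issue or of the ui-users code base: it flags hard-coded absolute URLs that use plain http or point at a host outside an allowlist. The function name, the allowlist and the sample source lines are constructed for illustration.

```javascript
// Added example: find hard-coded absolute URLs in UI source text.
// A URL is reported when it is plain http (mixed content on an https site)
// or when its host is not on the allowlist (third-party request, which also
// means the visitor's IP address is disclosed to that host).
const URL_RE = /\bhttps?:\/\/[^\s"'`<>)]+/g;

function findExternalUrls(source, allowedHosts = []) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    const trimmed = text.trim();
    // Skip comment-only lines so license or documentation links are not reported.
    if (trimmed.startsWith('//') || trimmed.startsWith('*')) return;
    for (const match of text.matchAll(URL_RE)) {
      let parsed;
      try {
        parsed = new URL(match[0]);
      } catch (err) {
        continue; // not a parseable URL
      }
      const insecure = parsed.protocol === 'http:';
      const thirdParty = !allowedHosts.includes(parsed.hostname);
      if (insecure || thirdParty) {
        findings.push({
          line: idx + 1, url: match[0], host: parsed.hostname, insecure, thirdParty,
        });
      }
    }
  });
  return findings;
}

// Constructed sample input; these are not the real contents of UserInfo.js.
const SAMPLE_SOURCE = [
  "import profilePicThumb from './placeholder.png';",
  '<img src="http://placehold.it/100x100" alt="presentation" />',
  '<img src={profilePicThumb} alt="presentation" />',
  '<a href="https://folio-demo.gbv.de/settings">Settings</a>',
].join('\n');

// The allowlist holds the installation's own host (assumed here).
console.log(findExternalUrls(SAMPLE_SOURCE, ['folio-demo.gbv.de']));
```

Run over the source tree in CI, a non-empty result fails the build; the locally imported image on line 3 of the sample passes because it contains no absolute URL.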
Issue Links
- relates to
  - STRIPES-360 https for placehold.it (Closed)
  - UICHKOUT-624 replace placehold.it link by local image (Closed)
  - UIU-35 replace placehold.it link by local image (Closed)
  - UIU-1096 Upload of User Profile Picture (Closed)