3080: remove external content from html template

leo.shk*******@gmai***** (Google Code) (Is this you? Claim this profile.)
Jan. 3, 2014 
What version are you running?
1.7.12

What's the URL of the page containing the problem?
rb/images/review_request_box_top_bg (or rather any email templates containing that file or any other external images)

What steps will reproduce the problem?
1. Configure RB to be behind http basic auth
2. Receive RB email
3. Get prompted for http auth credentials

What is the expected output? What do you see instead?
There's no good reason for this image to be in the template. It doesn't have a meaningful impact on the email visual rendering at all. Having it be external content means I'm prompted for http auth whenever I view the emails in gmail or other browsers. I would expect the email to load cleanly without calling any external images.

What operating system are you using? What browser?
Not browser relevant

Please provide any additional information below.
#1 leo.shk*******@gmai***** (Google Code) (Is this you? Claim this profile.) 
You can also probably remove the {% load staticfiles %} from review_request_email.html as part of this fix.
chipx86
#2 chipx86 
We can look into removing it. In the 99% case, people don't use HTTP auth. This is the first I've heard of this being an issue. I'd recommend using HTTP auth only for the Review Board server point, not for the static media files.
  • +Confirmed
  • +EasyFix
    +Milestone-Release1.7.x
#3 leo.shk*******@gmai***** (Google Code) (Is this you? Claim this profile.) 
Thanks for responding.

We've got a reviewboard that's not behind a firewall so an extra layer of security via Basic Auth is a good precaution.

The file doesn't do much for the email layout and it's the only external link from it.
#4 Caffeina*********@gmai***** (Google Code) (Is this you? Claim this profile.) 
Removed the image.
#5 leo.shk*******@gmai***** (Google Code) (Is this you? Claim this profile.) 
I just upgraded to 1.7.19 and the image is still in the template :-(
david
#6 david 
Unfortunately comment #4 wasn't accurate. We haven't done any work on this yet, since we're pretty busy with other, bigger things. We'd be happy to accept a patch for this.
#7 leo.shk*******@gmai***** (Google Code) (Is this you? Claim this profile.) 
No problem. I assume that process is just a github pull request against the 1.7.x branch?
david
#8 david 
The process is to post a patch on https://reviews.reviewboard.org/
#9 leo.shk*******@gmai***** (Google Code) (Is this you? Claim this profile.) 
Done: https://reviews.reviewboard.org/r/5182/

Please let me know if there's anything else I need to do. The file shouldn't be removed entirely since its being used in the new review request page. It's just unnecessary in the email.
david
#10 david 
Fixed in release-1.7.x (882596f), master (4bc6a22).
  • -Confirmed
    +Fixed