Skip to content

Fix avatars not showing when not using HTTPS#3995

Open
jiafeimao0p wants to merge 1 commit intoconversejs:masterfrom
jiafeimao0p:fix/avatar-https-fallback
Open

Fix avatars not showing when not using HTTPS#3995
jiafeimao0p wants to merge 1 commit intoconversejs:masterfrom
jiafeimao0p:fix/avatar-https-fallback

Conversation

@jiafeimao0p
Copy link
Copy Markdown

@jiafeimao0p jiafeimao0p commented Apr 23, 2026

Summary

Fixes the issue where avatars are not showing when Converse.js is opened on a non-secure context (non-HTTPS).

Problem

The rendering of avatars from vCards uses crypto.subtle, which is only available in secure contexts (HTTPS). This causes avatars to not be displayed in non-HTTPS environments.

Solution

Check for window.isSecureContext before using the crypto.subtle API, and provide a fallback for non-HTTPS environments.

Files Changed

  • src/headless/plugins/vcard/parsers.js - Check secure context before SHA-1 hash
  • src/headless/plugins/vcard/api.js - Check secure context when setting avatar
  • src/headless/utils/color.js - Check secure context in colorize function

Testing

The fallback uses base64 substring or simple string hash as pseudo-hash when crypto.subtle is unavailable, allowing avatars to display in non-HTTPS contexts.

Fixes #2374

@penggaolai
Fix avatars not showing when not using HTTPS
8b631ca 
- Check for window.isSecureContext before using crypto.subtle API
- Provide fallback for non-HTTPS environments to allow avatars to display
- Fixed in: parsers.js, api.js, color.js

Fixes conversejs#2374
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Avatars not showing when not using HTTPS

1 participant

@jiafeimao0p