The Instructure Community is in read-only mode as we prepare to migrate to our new Community platform in early December.
Community members cannot post or update content in the Community during this time. All content is still available to view.
Read our blog post for more info about this change.Found this content helpful? Log in or sign up to leave a like!
user[avatar][url] used to work, but no longer. Using curl and python, separately, I can change other user variables, but not the avatar url. Has the api changed?
Solved! Go to Solution.
I realized that my initial test wasn't great -- I was using a gravatar URL, and gravatar URLs are allowed. The PNG that I tried failed because it wasn't a gravatar URL, not because it was a PNG. I haven't turned up any documentation confirming this, but the Canvas source code indicates that avatar URLs can only point to a specific set of allowed hostnames. Hostnames matching *.instructure.com and *.gravatar.com are allowed by default, and it appears that additional hostnames can be added via configuration (though I believe this would need to be done by changing config files on the servers; as far as I know there's no UI to do this).
If you're curious, here's the section of code that handles the avatar URL:
canvas-lms/user.rb at 1030fa037111dadfbd24efa58f274e5981923a23 · instructure/canvas-lms · GitHub
I expect that this limitation exists for security reasons. In our own Canvas instance, we populate user photos by uploading an image file for each user rather than pointing to an external URL.
Hope this helps!
--Colin
Hi Iver --
I am able to change a user's avatar URL as you describe above, but I did notice that it only seemed to work when I pointed to a JPEG; when I pointed to a PNG it seemed to revert to the placeholder image. I poked around in the APIdocumentation for any mention what image format(s) are supported but didn't turn anything up. Maybe there's something in the Admin guide.
--Colin
Thank you, Colin.
What the script has done successfully in the past is use an encrypted string to point to a jpg file. Suddenly it's not working. I have tried to point directly to a jpg file, again without success. Any help is greatly appreciated.
--Iver
I realized that my initial test wasn't great -- I was using a gravatar URL, and gravatar URLs are allowed. The PNG that I tried failed because it wasn't a gravatar URL, not because it was a PNG. I haven't turned up any documentation confirming this, but the Canvas source code indicates that avatar URLs can only point to a specific set of allowed hostnames. Hostnames matching *.instructure.com and *.gravatar.com are allowed by default, and it appears that additional hostnames can be added via configuration (though I believe this would need to be done by changing config files on the servers; as far as I know there's no UI to do this).
If you're curious, here's the section of code that handles the avatar URL:
canvas-lms/user.rb at 1030fa037111dadfbd24efa58f274e5981923a23 · instructure/canvas-lms · GitHub
I expect that this limitation exists for security reasons. In our own Canvas instance, we populate user photos by uploading an image file for each user rather than pointing to an external URL.
Hope this helps!
--Colin
Thank you, Colin! It's a relief to understand what's going on, though I see I have more work ahead of me to fix our situation. I appreciate your help.
--Iver
Hello Colin. We are trying to bulk upload pictures for our students and I read your post that you upload an image file for each user rather than pointing to a url. Can you please let me know how you are accomplishing it? We thought of using the API with the url option but there are some concerns from our security admin. Thank you!
Isabel
Our ITS team noticed the same thing last week - we import profile photos via API but updates are no longer working.
If you're hosting the profile photos, it might be worth checking with your CSM to see if your server's hostname can be added to the whitelist.
--Colin
50581462 and @natalie_norton1 were either of you successful in getting the server's hostname whitelisted? We've been working on doing this with little luck.
Sara
Hi Sara --
We actually upload the avatar images to Canvas, so we didn't need to get an external server whitelisted.
--Colin
We are in the process right now of trying to get avatars loaded up on Canvas through API. We are hitting a snag and I think that you were on to something with it having to be gravtar or Canvas based hosting them. I am looking into what Gravatar is right now and if that is an option. We are talking to our CSM on Monday and will mention to them about whitelisting our site so we can try it that way.
Anyway, I was wondering if you had a quick rundown on how you are uploading your images. Are you uploading them to different student profiles for them? Are you using the API? We are a little lost right now and trying to find north. What we did is not working and just trying to figure out what works from someone.
Thanks,
Bill
Yes, we are using an API call to change the avatar url to point to files
hosted in the cloud. To make that happen, we had to ask Canvas/Instructure
to whitelist the site where the files were located.
Iver Davidson, Ph.D.
Director
Academic Center for Technology
New Mexico Tech
iver.davidson@nmt.edu
Office: 575-835-5035
Speare 144
Mobile: 575-418-7970
On Fri, Dec 7, 2018 at 10:02 AM rudeb@iecc.edu <instructure@jiveon.com>
Thanks a ton. I saw it somewhere else that mentioned this little bit of information, but did not really expand on it. We tried a Gravatar link and it uploaded the picture perfectly. Now we have to do it on a mass scale haha. I am going to have a talk with Canvas on Monday, I will see if they can whitelist our site so we can do uploads instead of relying on Gravatar.
Much obliged a ton. I saw it elsewhere that referenced this tad of data, however didn't generally develop it. We attempted a Gravatar connection and it transferred the image consummately. Presently we need to do it on a mass scale haha. I will sit down to chat with Canvas on Monday, I will check whether they can whitelist our site so we can do transfers as opposed to depending on Gravatar.
Community helpTo interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign inTo interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign in
