user[avatar][url] used to work, but no longer. Using curl and python, separately, I can change other user variables, but not the avatar url. Has the api changed?
I realized that my initial test wasn't great -- I was using a gravatar URL, and gravatar URLs are allowed. The PNG that I tried failed because it wasn't a gravatar URL, not because it was a PNG. I haven't turned up any documentation confirming this, but the Canvas source code indicates that avatar URLs can only point to a specific set of allowed hostnames. Hostnames matching *.instructure.com and *.gravatar.com are allowed by default, and it appears that additional hostnames can be added via configuration (though I believe this would need to be done by changing config files on the servers; as far as I know there's no UI to do this).
If you're curious, here's the section of code that handles the avatar URL:
canvas-lms/user.rb at 1030fa037111dadfbd24efa58f274e5981923a23 · instructure/canvas-lms · GitHub
I expect that this limitation exists for security reasons. In our own Canvas instance, we populate user photos by uploading an image file for each user rather than pointing to an external URL.
Hope this helps!
Hi Iver --
I am able to change a user's avatar URL as you describe above, but I did notice that it only seemed to work when I pointed to a JPEG; when I pointed to a PNG it seemed to revert to the placeholder image. I poked around in the APIdocumentation for any mention what image format(s) are supported but didn't turn anything up. Maybe there's something in the Admin guide.
Thank you, Colin.
What the script has done successfully in the past is use an encrypted string to point to a jpg file. Suddenly it's not working. I have tried to point directly to a jpg file, again without success. Any help is greatly appreciated.
Thank you, Colin! It's a relief to understand what's going on, though I see I have more work ahead of me to fix our situation. I appreciate your help.
Our ITS team noticed the same thing last week - we import profile photos via API but updates are no longer working.
If you're hosting the profile photos, it might be worth checking with your CSM to see if your server's hostname can be added to the whitelist.
Colin Murtaugh and Natalie Norton were either of you successful in getting the server's hostname whitelisted? We've been working on doing this with little luck.
Hi Sara --
We actually upload the avatar images to Canvas, so we didn't need to get an external server whitelisted.
We are in the process right now of trying to get avatars loaded up on Canvas through API. We are hitting a snag and I think that you were on to something with it having to be gravtar or Canvas based hosting them. I am looking into what Gravatar is right now and if that is an option. We are talking to our CSM on Monday and will mention to them about whitelisting our site so we can try it that way.
Anyway, I was wondering if you had a quick rundown on how you are uploading your images. Are you uploading them to different student profiles for them? Are you using the API? We are a little lost right now and trying to find north. What we did is not working and just trying to figure out what works from someone.
Yes, we are using an API call to change the avatar url to point to files
hosted in the cloud. To make that happen, we had to ask Canvas/Instructure
to whitelist the site where the files were located.
Iver Davidson, Ph.D.
Academic Center for Technology
New Mexico Tech
On Fri, Dec 7, 2018 at 10:02 AM email@example.com <firstname.lastname@example.org>
Thanks a ton. I saw it somewhere else that mentioned this little bit of information, but did not really expand on it. We tried a Gravatar link and it uploaded the picture perfectly. Now we have to do it on a mass scale haha. I am going to have a talk with Canvas on Monday, I will see if they can whitelist our site so we can do uploads instead of relying on Gravatar.
Retrieving data ...