diff --git a/app/controllers/concerns/bbb_server.rb b/app/controllers/concerns/bbb_server.rb
index d38d52da..1346f187 100644
--- a/app/controllers/concerns/bbb_server.rb
+++ b/app/controllers/concerns/bbb_server.rb
@@ -54,6 +54,7 @@ module BbbServer
 join_opts = {}
 join_opts[:userID] = uid if uid
 join_opts[:join_via_html5] = true
+ join_opts[:avatarURL] = options[:avatarURL] if options[:avatarURL].present?
 join_opts[:createTime] = room.last_session.to_datetime.strftime("%Q") if room.last_session
 bbb_server.join_meeting_url(room.bbb_id, name, password, join_opts)
diff --git a/app/controllers/concerns/joiner.rb b/app/controllers/concerns/joiner.rb
index 3021082c..e5d621d7 100644
--- a/app/controllers/concerns/joiner.rb
+++ b/app/controllers/concerns/joiner.rb
@@ -47,6 +47,15 @@ module Joiner
 end
 end
+ def valid_avatar?(url)
+ return false if URI.regexp.match(url).nil?
+ uri = URI(url)
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = true if uri.scheme == 'https'
+ response = http.request_head(uri)
+ return response['content-length'].to_i < Rails.configuration.max_avatar_size
+ end
+
 def join_room(opts)
 @room_settings = JSON.parse(@room[:room_settings])
@@ -60,6 +69,7 @@ module Joiner
 opts[:mute_on_start] = room_setting_with_config("muteOnStart")
 if current_user
+ opts[:avatarURL] = current_user.image if current_user.image.present? && valid_avatar?(current_user.image)
 redirect_to join_path(@room, current_user.name, opts, current_user.uid)
 else
 join_name = params[:join_name] || params[@room.invite_path][:join_name]
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index a2741d29..debf2511 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
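Review bot: The added `join_opts[:avatarURL]` line forwards whatever the caller placed in `options[:avatarURL]` into the join URL, and nothing in this method checks it. Both callers in this commit gate the value through `valid_avatar?`, but that contract is not recorded here, so a later caller could pass an unchecked URL. A comment on the line would make it explicit, for example `# avatarURL is forwarded as given; callers must pass only a URL accepted by valid_avatar?`. The enclosing method starts and ends outside the hunk.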
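Review bot: `valid_avatar?` makes the application server send a HEAD request to whatever host and port the stored profile image URL names, with no restriction on scheme or destination, no timeouts and no rescue, so an internal address gets contacted from inside the network and a slow or unreachable one stalls the join or raises out of it. The guard `URI.regexp.match(url).nil?` is unanchored and accepts any scheme (and `URI.regexp` is documented as obsolete), so it lets through strings that `URI(url)` or `Net::HTTP.new` then fail on. The size test also passes when the response carries no Content-Length, because `nil.to_i` is 0, and it ignores the status code; the header is in any case only what the remote server chooses to report. I would parse strictly, allow only http/https, set short timeouts, treat errors and a missing length as invalid, and add a destination check for loopback and private ranges. How `current_user.image` gets populated is not visible in this diff, so the exposure depends on whether users or an identity provider control that value.

```ruby
def valid_avatar?(url)
  uri = URI.parse(url)
  # Only plain web URLs; a string that merely contains a URI is rejected.
  return false unless uri.is_a?(URI::HTTP) && uri.host.present?

  # NOTE(review): this is still a server-side request to a stored URL; a check
  # that uri.host does not resolve to a loopback, private or link-local
  # address belongs here, before connecting.
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = uri.scheme == 'https'
  http.open_timeout = 2 # illustrative value
  http.read_timeout = 2 # illustrative value
  response = http.request_head(uri)

  # A missing or non-numeric Content-Length must not count as "small".
  length = response['content-length'].to_s
  return false unless response.is_a?(Net::HTTPSuccess) && length.match?(/\A\d+\z/)

  length.to_i < Rails.configuration.max_avatar_size
rescue URI::InvalidURIError, SocketError, SystemCallError, Timeout::Error, OpenSSL::SSL::SSLError
  false
end
```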
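Review bot: The new `opts[:avatarURL] = ...` line in `join_room` puts a synchronous outbound request on every signed-in join, and the identical line is repeated in the rooms_controller.rb hunk. There it sits above `begin`, so an exception from the request falls outside whatever rescue follows (the rescue itself is not visible). A single helper would keep the two call sites in step and read `current_user.image` once, for example `opts[:avatarURL] = checked_avatar_url(current_user)` with the helper returning nil for a rejected URL. Checking the URL when the profile image is saved rather than on each join would also take the network call out of the join path. `join_room` begins before this hunk and continues after it.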
@@ -180,6 +180,7 @@ class RoomsController < ApplicationController
 opts[:mute_on_start] = room_setting_with_config("muteOnStart")
 opts[:require_moderator_approval] = room_setting_with_config("requireModeratorApproval")
 opts[:record] = record_meeting
+ opts[:avatarURL] = current_user.image if current_user.image.present? && valid_avatar?(current_user.image)
 begin
 redirect_to join_path(@room, current_user.name, opts, current_user.uid)
diff --git a/config/application.rb b/config/application.rb
index 18704274..a4937383 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -183,5 +183,8 @@ module Greenlight
 # Default admin password
 config.admin_password_default = ENV['ADMIN_PASSWORD'] || 'administrator'
+
+ # Max avatar image size
+ config.max_avatar_size = ENV['MAX_AVATAR_SIZE'].to_i.zero? ? 100000 : ENV['MAX_AVATAR_SIZE'].to_i
 end
 end
diff --git a/sample.env b/sample.env
index 0bb33966..2c10cbcc 100644
--- a/sample.env
+++ b/sample.env
@@ -356,3 +356,7 @@ DEFAULT_REGISTRATION=open
 # For details, see: https://github.com/puma/puma#clustered-mode
 # Default: 1
 #WEB_CONCURRENCY=1
+
+# Max avatar image size (bytes)
+# Default: 100000
+MAX_AVATAR_SIZE=100000
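Review bot: In config/application.rb, `ENV['MAX_AVATAR_SIZE'].to_i` accepts negative numbers and silently truncates a value such as `10MB` to 10. A typo in the environment can therefore make every avatar fail the `<` comparison in `valid_avatar?` with no warning. Falling back to the default for anything that is not a positive integer avoids that and parses the variable once: `size = ENV['MAX_AVATAR_SIZE'].to_i` followed by `config.max_avatar_size = size.positive? ? size : 100_000`. The comment above the setting could also state the unit, as sample.env does: `# Max avatar image size in bytes, compared against the remote Content-Length`.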