[wp-trac] [WordPress Trac] #31288: IS_SSL should check return true for SSL Terminated load balancing
WordPress Trac
noreply at wordpress.org
Wed Feb 11 00:00:39 UTC 2015
#31288: IS_SSL should check return true for SSL Terminated load balancing
--------------------------+-----------------------
Reporter: bretterer | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+-----------------------
Comment (by dd32):
> Isn't WordPress currently relying on headers anyway for the is_ssl()
method.
WordPress is currently using server-provided environmental headers - ie.
Apache or nginx are saying "This is a HTTPS request", it doesn't trust
anything coming from the client.
`$_SERVER['HTTPS']` is server-provided, if a client sent a header of
`HTTPS: on`, it'd come into PHP as `$_SERVER['HTTP_HTTPS']`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31288#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list