[wp-trac] [WordPress Trac] #49515: SSL requirement during installation with SQL command through admin if mixed content

WordPress Trac noreply at wordpress.org
Tue Aug 11 16:08:05 UTC 2020 

#49515: SSL requirement during installation with SQL command through admin if mixed
content
--------------------------------------+---------------------------------
 Reporter:  bjornenio                 |       Owner:  (none)
     Type:  feature request           |      Status:  new
 Priority:  normal                    |   Milestone:  Awaiting Review
Component:  Upgrade/Install           |     Version:
 Severity:  normal                    |  Resolution:
 Keywords:  needs-patch dev-feedback  |     Focuses:  ui, administration
--------------------------------------+---------------------------------
Changes (by zodiac1978):

 * keywords:   => needs-patch dev-feedback


Comment:

 > Would it not be a good idea to highlight / warn the user if they try to
 use http instead of https?

 I think this is a good idea! We couldn't use `is_ssl` on the install page,
 because the option is not written at this moment, so I looked for
 available solutions to look if the page is available through https and
 find this:

 {{{#!php
 <?php
 $isSecure = false;
 if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
     $isSecure = true;
 }
 elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
 $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ||
 !empty($_SERVER['HTTP_X_FORWARDED_SSL']) &&
 $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
     $isSecure = true;
 }
 $REQUEST_PROTOCOL = $isSecure ? 'https' : 'http';
 }}}

 Source: https://stackoverflow.com/a/16076965

 It is checking if the variable is activated stating https support or in
 case of a load balancer and similar staff (reverse proxy, etc.) it checks
 different variables for those.

 If this would be added to the install page we could either redirect to the
 https version or display a warning, stating that https is vailable too.

 > Furthermore, it would be very beneficial if wp admin offered a solution
 in terms of a SQL command for fixing mixed content if SSL is added after
 the fact.

 This looks like plugin territory for me. And there are already many
 plugins for that already available:
 https://wordpress.org/plugins/search/ssl+mixed+content/

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49515#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list