[wp-trac] [WordPress Trac] #19337: is_ssl() fails on LiteSpeed server
WordPress Trac
wp-trac at lists.automattic.com
Mon Nov 28 21:06:04 UTC 2011
#19337: is_ssl() fails on LiteSpeed server
-----------------------------------------+------------------------------
Reporter: niklasbr | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.3
Severity: normal | Resolution:
Keywords: has-patch reporter-feedback |
-----------------------------------------+------------------------------
Comment (by nacin):
nginx prepends anything set via proxy_set_header with HTTP_. That is
probably what is happening here for LS.
We've generally maintained that things like setting REMOTE_ADDR based on
HTTP_X_FORWARDED_FOR (and HTTPS based on HTTP_X_FORWARDED_PROTO) is a
server configuration thing, and not something WordPress should try to mess
with. Indeed, WordPress.org itself deals with this in wp-config.php. (See
#9235.)
Until that design decision changes, I would think the same should for for
HTTP_HTTPS versus HTTPS.
A change to is_ssl() — which already tries pretty hard to detect SSL via
'on', '1', and 443 — might be something we'd consider. Then again, we're
still not addressing HTTP_X_FORWARDED_PROTO so I don't think HTTP_HTTPS
would be something we'd consider either.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19337#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list