[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
noreply at wordpress.org
Mon Apr 29 21:02:33 UTC 2013
#15928: wp_get_attachment_url does not check for HTTPS
-------------------------------------+-----------------------------
Reporter: atetlaw | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Permalinks | Version: 3.0.3
Severity: normal | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+-----------------------------
Comment (by ryansatterfield):
Replying to [comment:38 ccolotti]:
> All I am saying is the upload URL can be HTTPS but if the normal site
browsing is HTTP, there is no need to default the image delivery to HTTPS.
Your site is either purely https or purely http. Even if you think it is
half and half, it isn't. If you use http mixed with https, you've broken
the http strict transport security, thus making it easier for hackers to
get information transmitted over https. My company, Planet Zuda has a
podcast about it if you want to listen to it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15928#comment:39>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list