[wp-trac] [WordPress Trac] #11009: screenshots of plugins from wordpress.org load over http instead of https when FORCE_SSL_ADMIN is enabled
WordPress Trac
noreply at wordpress.org
Sat Sep 28 23:19:16 UTC 2013
#11009: screenshots of plugins from wordpress.org load over http instead of https
when FORCE_SSL_ADMIN is enabled
--------------------------------+------------------
Reporter: brantgurga | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: WordPress.org site | Version: 2.9
Severity: normal | Resolution:
Keywords: dev-feedback |
--------------------------------+------------------
Comment (by thesunpaladin):
This is still an issue.
The screenshot images have "http" instead of "https". In the file wp-
admin/includes/plugin-install.php the "plugins_api" function makes a call
to a WordPress service that returns the "Details" for a plugin. Those
details hardcode an http protocol for assets. Simply replacing http with
https in core will not address the issue because the static-asset CDN (eg:
"http://s-plugins.wordpress.org/...") does not return a valid SSL
certificate.
Here is an example of what happens when https is used to access the image:
[[Image(http://thesunpaladin.files.wordpress.com/2013/09/screen-
shot-2013-09-28-at-6-12-00-pm.png?w=640)]]
Until the CDN can serve SSL traffic there is no point in trying to resolve
this in core.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11009#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list