[wp-trac] [WordPress Trac] #28443: SSL behind a load balancer
WordPress Trac
noreply at wordpress.org
Mon Aug 18 02:00:01 UTC 2014
#28443: SSL behind a load balancer
--------------------------+------------------------------
Reporter: lracicot | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by tellyworth):
I agree with Andrew. There's simply no way to know if X-Forwarded-Proto
can be trusted, and doing so naively opens the possibility of bugs and
mischief.
The only reliable way to fix this is to ensure that the load balancer and
server config accurately sets the PHP server vars.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28443#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list