[wp-trac] [WordPress Trac] #28427: All cookies should be secure when `home` and `siteurl` use HTTPS
WordPress Trac
noreply at wordpress.org
Sun Jun 8 22:05:12 UTC 2014
#28427: All cookies should be secure when `home` and `siteurl` use HTTPS
-------------------------------------+------------------
Reporter: johnbillion | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 4.0
Component: Security | Version:
Severity: minor | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------
Changes (by johnbillion):
* keywords: => has-patch needs-testing
Comment:
[attachment:28427.diff] tackles this. Note that it relies on
[attachment:28487.diff:ticket:28487 my patch for is_https() on #28487].
The patch sets the 'secure' flag on...
* The test cookie if both `home_url()` and `site_url()` are https.
* The settings cookies if `site_url()` is https.
* The post password cookie if `home_url()` is https.
* The comment author cookies if the comment post permalink is https.
I'm in two minds about the comment author cookies. It could just check for
https on `home_url()` rather than the current comment post permalink.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28427#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list