[wp-trac] [WordPress Trac] #12609: Enabling FORCE_SSL_ADMIN breaks wp-cron.php
WordPress Trac
noreply at wordpress.org
Mon Jun 9 15:48:16 UTC 2014
#12609: Enabling FORCE_SSL_ADMIN breaks wp-cron.php
--------------------------+--------------------------
Reporter: dphiffer | Owner: johnbillion
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 4.0
Component: Cron API | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+--------------------------
Changes (by johnbillion):
* keywords: has-patch dev-feedback => needs-patch
* owner: westi => johnbillion
* status: new => accepted
* milestone: Future Release => 4.0
Comment:
After some thought I've decided we should change the default value of
`sslverify` to `false` for local requests, in order to play nicely with
hosts that can't verify their own certificates for whatever reason. The
`https_local_ssl_verify` filter will still be applied.
Local requests will loopback, meaning the request isn't exposed to the
network and there's no chance of a MITM. If the server doesn't support
loopbacks then the connection will fail regardless.
Any objections?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/12609#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list