[wp-trac] [WordPress Trac] #31288: IS_SSL should check return true for SSL Terminated load balancing
WordPress Trac
noreply at wordpress.org
Mon Aug 31 22:15:16 UTC 2015
#31288: IS_SSL should check return true for SSL Terminated load balancing
--------------------------+----------------------
Reporter: bretterer | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 2.6
Severity: normal | Resolution: wontfix
Keywords: has-patch | Focuses:
--------------------------+----------------------
Changes (by johnbillion):
* keywords: has-patch close => has-patch
* status: reopened => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
I'm going to close this again, with particular reference to [comment:11
comment 11] and [comment:13 comment 13].
Trusting client-provided headers, even if they are de-facto standard for
indicating a reverse proxy, is out of the question, and a filter on the
return value of `is_ssl()` provides no benefit when plugins can already
directly affect `$_SERVER['HTTPS']` (and `$_SERVER['REMOTE_ADDR']` as
necessary).
At this point, we're just re-hashing previous discussion from #19654,
#19337, #15733, and #20567.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31288#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list