[wp-trac] [WordPress Trac] #31288: IS_SSL should check return true for SSL Terminated load balancing
WordPress Trac
noreply at wordpress.org
Tue Feb 10 21:15:37 UTC 2015
#31288: IS_SSL should check return true for SSL Terminated load balancing
--------------------------+-----------------------------
Reporter: bretterer | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
With cloud load balancing and load balancing in general, the option to do
ssl termination at the load balancer and sending all traffic between the
LB and nodes over plain http will cause issues with some WordPress
Installs and Plugins. When you rely on is_ssl() to determine if you are
secure so you can forward to secure site if you are not, it does not work
on ssl terminated load balancing. The suggestion to do this in a server
side configuration is not always an option but may still need to be used.
My suggestion is we add a single check in the is_ssl function of checking
the de facto standard for identifying the originating protocol of an HTTP
request.
By relying on the HTTP_X_FORWARDED_PROTO for this case is very standard on
the internet today to test if your application should respond like it was
coming from an https request.
References for the standard
http://tools.ietf.org/html/rfc7239
http://docs.rackspace.com/loadbalancers/api/v1.0/clb-devguide/content
/SSLTermination-d1e2479.html
http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#cite_ref-15
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31288>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list