[wp-trac] [WordPress Trac] #31468: SSL errors/warning when "pressing" an HTTPS URL to PT hosted on an HTTP-only host
WordPress Trac
noreply at wordpress.org
Thu Feb 26 18:59:00 UTC 2015
#31468: SSL errors/warning when "pressing" an HTTPS URL to PT hosted on an HTTP-
only host
--------------------------+-----------------------
Reporter: stephdau | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.2
Component: Press This | Version:
Severity: normal | Keywords: has-patch
Focuses: |
--------------------------+-----------------------
@helen brought up that trying to press something like a Youtube page,
which is SSL by default now, to Press This hosted on a non-SSL URL leads
to (at least) Firefox telling the user that they are submitting data to a
non-encrypted location (because we use a form POST). The user can allow
for it, but it's annoying, as well as leads the new Press This window to
lose its forefront focus, hiding it behind the source.
Other browsers let this pass, likely because we're in a bookmarklet
context, but still show warning in their consoles.
The proper way to deal with this issue is to not use a form submit in this
case. Instead, we should default to passing the basic meta data (title,
selection, url), and let PT rely on its server-side media detection
instead. This is fine with Firefox and other browsers.
Attached patch does this, as well as use `window.focus()` when the popup
is loaded, for good measure.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31468>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list