[wp-trac] [WordPress Trac] #34299: Force the REST API endpoint to HTTPS when appropriate
WordPress Trac
noreply at wordpress.org
Wed Oct 14 18:19:07 UTC 2015
#34299: Force the REST API endpoint to HTTPS when appropriate
-------------------------+-----------------------------
Reporter: johnbillion | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
Given a site which runs over `http` but the admin area runs over `https`
(for example via `FORCE_SSL_ADMIN`), the REST API endpoint will point to
an `http` URL in the admin area. This makes the endpoint inaccessible to
clients due to cross-protocol restrictions.
An example of where this is visible is the [https://wordpress.org/plugins
/rest-api-console/ REST API Console plugin].
If the host name of the REST API endpoint matches the host name of the
current request, then the REST API endpoint URL can be forced to `https`.
Previous discussion:
* https://github.com/WP-API/WP-API/issues/259
* https://github.com/WP-API/rest-api-console/issues/30
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34299>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list