[wp-trac] [WordPress Trac] #47577: Streamline detecting and enabling HTTPS
WordPress Trac
noreply at wordpress.org
Mon Dec 30 19:45:40 UTC 2019
#47577: Streamline detecting and enabling HTTPS
-------------------------------------------------+-------------------------
Reporter: flixos90 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion needs-unit-tests has- | Focuses:
patch |
-------------------------------------------------+-------------------------
Comment (by flixos90):
@miinasikk @westonruter
I wonder whether we should take a step back here and not `upgrade-
insecure-requests` for now, except those that go against the actual site
URL. While this can just as well cause issues because of e.g. media or
assets on a separate host, I think it keeps the work here more scoped.
Exploring `upgrade-insecure-requests` could be the second step - I'm
afraid this gets lost in a can of worms otherwise.
Arguably, most WordPress sites serve all their files from the same origin,
so for those the simple HTTP to HTTPS replacement should work. The
complexity of checking for files that are served from different origins
leads me to think that we should defer that work for now. Potentially it
even is plugin territory: For example, a plugin hooking media up a CDN
could (if that CDN doesn't already use HTTPS anyway) make use of
`wp_is_using_https()` to act accordingly.
Last but not least, we need to keep in mind that users can at least change
their URLs back to HTTP, should any resource unexpectedly cause their site
to break.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47577#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list