[wp-trac] [WordPress Trac] #47577: Streamline detecting and enabling HTTPS
WordPress Trac
noreply at wordpress.org
Fri Jun 28 12:27:07 UTC 2019
#47577: Streamline detecting and enabling HTTPS
-------------------------------------------------+-------------------------
Reporter: flixos90 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion needs-unit-tests has- | Focuses:
patch |
-------------------------------------------------+-------------------------
Comment (by flixos90):
@earnjam
> It would be nice to allow filtering the Site Health action link/button
for talking to your host about HTTPS in the same way we do for the PHP
upgrade notices.
I like that suggestion, however I'd prefer if we approached this
iteratively and opened a follow-up issue to make that URL filterable. The
complexity we've learned about during the Servehappy project is that we
probably wouldn't want them to replace the wordpress.org support URL, so
we'd need to add more content and tweak the UI to allow for that, which
would require more discussion.
@westonruter
> I suggest also adding a `upgrade-insecure-requests` CSP directive to
automatically handle this outside fo the content
That's worth exploring. I'm wondering whether that would cause problems
with URLs pointing to external websites, that may still not be on HTTPS
though - how does the directive deal with images or links from such
websites? The other concern is that in order to add CSP headers into core,
it may be better to work on a simple centralized solution as a developer
API that would allow managing those directives.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47577#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list