[wp-trac] [WordPress Trac] #33688: Emoji Javascript doesn't support HTTPS
WordPress Trac
noreply at wordpress.org
Wed Apr 15 04:19:26 UTC 2020
#33688: Emoji Javascript doesn't support HTTPS
--------------------------+-----------------------
Reporter: trenzterra | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 4.3
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+-----------------------
Comment (by markparnell):
When using Cloudflare's "flexible" setting, the end user accesses the site
over HTTPS (their connection to Cloudflare is secure) but the connection
between Cloudflare and the server is loaded over HTTP. This is necessary
if the server doesn't have any sort of certificate installed (though even
a self-signed or expired certificate is sufficient to switch Cloudflare to
"full" instead).
As such the `is_ssl()` check is going to report that SSL is not being used
as that's what the server sees in the request from Cloudflare, even though
the end user's connection is secure.
It should be quite simple to resolve this by removing the `http[s]:`
prefix from the URL since a URL starting with `//` will use the same
protocol as the page itself - and since that happens on the browser side
of things it won't be affected by the difference at the server. Then we
could avoid the `is_ssl()` check altogether.
I wonder too whether this has wider ramifications for `is_ssl()`
elsewhere?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33688#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list