[wp-trac] [WordPress Trac] #52783: Health Check mis-reports https functionality in certain situations

WordPress Trac noreply at wordpress.org
Sun Apr 11 12:05:01 UTC 2021 

#52783: Health Check mis-reports https functionality in certain situations
-------------------------------------------------+-------------------------
 Reporter:  Ipstenu                              |       Owner:
                                                 |  peterwilsoncc
     Type:  defect (bug)                         |      Status:  reopened
 Priority:  normal                               |   Milestone:  5.7.1
Component:  Site Health                          |     Version:  5.7
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests commit      |     Focuses:
  fixed-major                                    |
-------------------------------------------------+-------------------------

Comment (by knutsp):

 Replying to [comment:50 pwallner]:
 > Maybe I misunderstand the comments above, but I have https connection
 and receive this error.

 That issue is the main point for this ticket. Fixed.

 > And yes, if u not have https, error or warning are ok because more and
 more browsers request https.

 Recommendation or Critical issue is discussed, since this was altered in
 the same changeset.

 Talking about front end:
 I say critical in case HTTPS is not available, since one (browser) cannot
 upgrade the request. But when available, but not set in home_url, it could
 be a recommendation, at least for now.

 The reason for my view is that Site Health does not check if plain HTTP is
 available (status 200 on home), so in that case, using old
 links/bookmarks, the site can still be accessed by plain HTTP. For me, it'
 seems a bit pointless to call something critical when the insecure way
 (HTTP) may still be used.

 But when HTTP only check is also made in Site Health, both checks may emit
 a critical issue. (I have plugin that makes such test, but when it fails I
 classify it as a recommendation - for now.) Ticket with request to
 implement it will arrive soon.

 Finally, having wp-admin accessible without HTTPS, no `FORCE_SSL_ADMIN`
 and no https configured, is critical.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52783#comment:51>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list