[wp-trac] [WordPress Trac] #52542: HTTPS local html detection RSD check is protocol specific
WordPress Trac
noreply at wordpress.org
Tue Feb 16 17:40:59 UTC 2021
#52542: HTTPS local html detection RSD check is protocol specific
-------------------------------+----------------------------------------
Reporter: TimothyBlynJacobs | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.7
Component: Security | Version: trunk
Severity: normal | Keywords: needs-patch good-first-bug
Focuses: |
-------------------------------+----------------------------------------
The `wp_is_local_html_output` function is used to check whether the output
from the https detection loopback request comes from the WordPress site
itself.
The first check is done is for RSD, but it checks specifically for the
`http` version of the URL, whereas the other checks ignore the protocol.
In my testing environment at least, the RSD link header is output as an
`https` url when the site is requested over `https`, and as such this
check returns false. Incorrectly asserting in Site Health that I need to
talk to my host about supporting HTTPS even though my site already
supports it.
Tentatively milestoning for 5.7.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52542>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list