[wp-trac] [WordPress Trac] #53483: v5.7.2 - HTTPS Redirect Works for Pages But Fails for Posts
WordPress Trac
noreply at wordpress.org
Tue Jun 22 21:11:40 UTC 2021
#53483: v5.7.2 - HTTPS Redirect Works for Pages But Fails for Posts
--------------------------+-----------------------------
Reporter: bvallance | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version: 5.7.2
Severity: major | Keywords: needs-testing
Focuses: privacy |
--------------------------+-----------------------------
Environment:
LOCALHOST -
- Apache v2.4.43a
- PHP v7.4.0
- WordPress v5.7.2
- Chrome v91
Issue:
Brand new installation of WordPress v5.7.2. The "WordPress Address (URL)"
and "Site Address (URL)" protocol values are both set to "https." The
Settings>General>Reading>"Your home page displays" is set to a static
page. When the browser accesses the static home page, https is used, as
expected. Editing https to http in the home page URL, then refreshing the
browser, causes a redirect to https, also as expected.
The same thing DOESN'T happen when accessing posts. The "WordPress
Address (URL)" and "Site Address (URL)" protocol values are both set to
"https." The Settings>General>Reading>"Your home page displays" is set to
"Your latest posts." When the browser accesses the site, the posts
summary page is displayed using https, as expected. **When the posts
summary page URL is edited to change https to http and the browser is
refreshed, the post summary page is displayed using http, not https.**
It appears that automatic https redirection is enabled for pages BUT NOT
FOR POSTS in WordPress v5.7.2 when the protocol values for both the
"WordPress Address (URL)" and "Site Address (URL)" settings are set to
"https."
Browsing data was cleared before every test was run to eliminate the
effect of the browser cache on test results.
Is this a bug or is this intended behavior? This appears to be a
potential security issue.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53483>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list