[wp-trac] [WordPress Trac] #52783: Health Check mis-reports https functionality in certain situations
WordPress Trac
noreply at wordpress.org
Thu Mar 11 21:14:14 UTC 2021
#52783: Health Check mis-reports https functionality in certain situations
--------------------------+-----------------------------
Reporter: Ipstenu | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Site Health | Version:
Severity: normal | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
The new HTTPS health check is over-aggressive when checking if HTTPS is
working. In some cases, if you have the domain set up as HTTPS (that is,
it's in the site and home URL) but you get an error saying WP can't verify
that HTTPS is working.
After debugging with @clorith and @TimothyBlynJacobs we figured out it's
due to plugins that strip some output used by that check to validate,
which causes the check to false-flag a site as having a critical error.
{{{
$ wp option get https_detection_errors
array (
'https_request_failed' =>
array (
0 => 'HTTPS request failed.',
),
)
}}}
This also pops up if you have a headless WP site that doesn't include all
the WP info:
{{{
$ wp option get https_detection_errors
array (
'bad_response_source' =>
array (
0 => 'It looks like the response did not come from this site.',
),
)
}}}
At this point, we all feel that considering most modern browsers (FF,
Chrome, even Safari) will prevent you from visiting a site without valid
HTTPs (yes, you can get around it), this part of the check is going to
cause more drama than it's worth. We should remove that check, or change
it from critical to an 'info'.
It's reasonable to say that if someone can log in to their site via https
in the URL, then https is properly working as expected.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52783>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list