[wp-trac] [WordPress Trac] #52837: Use client-side HTTPS request to determine HTTPS update prompt
WordPress Trac
noreply at wordpress.org
Wed Mar 17 17:19:52 UTC 2021
#52837: Use client-side HTTPS request to determine HTTPS update prompt
-----------------------------+-----------------------------
Reporter: ayeshrajans | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Site Health | Version:
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
WordPress 5.7 ships with automatic HTTPS checks and an easy upgrade. I
think this is a great step and wholeheartedly agree with the idea.
Related: #50072, #52614
The HTTPS check is currently done server-side, which uses the Curl-bundled
root certificate store, or the one provided by WordPress. The problem is
that the HTTPS URLs are for the browser, and not only for the server.
WordPress's HTTPS connection attempt can fail on sites that might be
otherwise available over HTTPS:
- Local development servers with custom root certificates.
- Internal web sites with a custom root certificate managed by the
network administrator.
- Computers with Internet security software, that proxies all
connections.
- YOLO users who enable older SSL protocols.
I would like to suggest that we can further improve the HTTPS upgrade
prompt by making an HTTPS request to a REST end point (that is signed, and
responds with CORS) on the browser. If the request is successful, then we
can show the user a message, saying the server cannot connect the
WordPress site, but the browser could. If the user would like to upgrade
to HTTPS knowing this, I think that is an improvement either way.
Thank you.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52837>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list