[wp-trac] [WordPress Trac] #61915: fix(is_ssl): adds check for ssl when behind a proxy or load balancer
WordPress Trac
noreply at wordpress.org
Fri Aug 23 11:09:11 UTC 2024
#61915: fix(is_ssl): adds check for ssl when behind a proxy or load balancer
----------------------------+-----------------------------
Reporter: tbfVladd | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.6.1
Severity: normal | Keywords: has-patch
Focuses: administration |
----------------------------+-----------------------------
When hosting WordPress behind a reverse proxy or a load balancer and the
site URL is configured to start with https (Admin -> Settings -> General
-> WordPress Address & Site Address) , it isn't possible to login or view
administration due to too many redirects. WordPress gets caught in a
redirect loop and the browser shows an error page this effect.
This is caused by the request URI ($_SERVER['REQUEST_URI']) being re-
written by the reverse proxy or load balancer so the checks in wp-
login.php and wp-admin/index.php fail.
However, the convention in this configuration is to set additional HTTP
headers which this PR adds a check for.
I've tested this on the latest WordPress docker container behind an nginx
reverse proxy.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61915>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list