Make WordPress Core


Ignore:
Timestamp:
01/29/2021 07:09:49 PM (3 years ago)
Author:
flixos90
Message:

Security, Site Health: Improve accuracy in messaging about HTTPS support.

Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.

  • Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
  • Link to the respective input fields via anchor links rather than to the overall General Settings screen.
  • Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
  • Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
  • Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the https_status test to become asynchronous.
  • Rename the new private wp_is_owned_html_output() function to a more appropriate wp_is_local_html_output().

Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-site-health-controller.php

    r49716 r50072  
    8080                    'permission_callback' => function () {
    8181                        return $this->validate_request_permission( 'loopback_requests' );
     82                    },
     83                ),
     84                'schema' => array( $this, 'get_public_item_schema' ),
     85            )
     86        );
     87
     88        register_rest_route(
     89            $this->namespace,
     90            sprintf(
     91                '/%s/%s',
     92                $this->rest_base,
     93                'https-status'
     94            ),
     95            array(
     96                array(
     97                    'methods'             => 'GET',
     98                    'callback'            => array( $this, 'test_https_status' ),
     99                    'permission_callback' => function () {
     100                        return $this->validate_request_permission( 'https_status' );
    82101                    },
    83102                ),
     
    198217        $this->load_admin_textdomain();
    199218        return $this->site_health->get_test_loopback_requests();
     219    }
     220
     221    /**
     222     * Checks that the site's frontend can be accessed over HTTPS.
     223     *
     224     * @since 5.7.0
     225     *
     226     * @return array
     227     */
     228    public function test_https_status() {
     229        $this->load_admin_textdomain();
     230        return $this->site_health->get_test_https_status();
    200231    }
    201232
Note: See TracChangeset for help on using the changeset viewer.