__group__ ticket summary owner _component _version priority severity milestone type _status workflow _created modified _description _reporter Tickets Awaiting Review 53107 HTTPS Detect & Migrate feature breaking existing HTTPS HTTP API 5.7.1 normal blocker Awaiting Review defect (bug) new 2021-04-28T21:04:12Z 2021-04-28T21:44:11Z "I have been working on an issue for 2 weeks, since my website auto-updated to WordPress 5.7. Prior to the 5.7 update, my site was already utilizing https using the Really Simple SSL plugin to accomplish HTTPS. After the update, my site has been failing WooCommerce Stripe orders. Using the Chrome browser inspect>console, I could see internet errors on the cart and checkout pages. That led me to believe there was an issue with SSL, so I started digging in. Upon removal of the Really Simple SSL plugin, my site started functioning again…for 24 hours, then the failed orders return with the same “problem connecting to Stripe API endpoint”. Looking at support forums for the Really Simple SSL plugin and support forums for the Stripe plugin, I am seeing a common instance of HTTPS/SSL connection issues since the WP 5.7 update with the HTTPS Detect and Migrate feature. https://wordpress.org/support/plugin/woocommerce-gateway-stripe/ https://wordpress.org/support/plugin/really-simple-ssl/ I have worked with my host for the past 2 weeks, no issue with server configuration. *Site has been completely rebuilt since original issue, everything up to date, and running on PHP 7.4. Disabling all plugins does not resolve issue. Other plugin that was installed was the Redirection plugin. It existed and functioned great along side of Really Simply SSL prior to WordPress 5.7 update. When issue occurs, besides customers experiencing a failed order, I receive notification inside of wp-admin stating the following: > Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /home/mydirectory/public_html/mydomain.com/wp-includes/update.php on line 614 WooCommerce logs show this: {{{ 2021-04-17T18:04:41+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== sources/src_1IhIVWLaN8oj4ayJigp45Mf3 ====End Log==== 2021-04-17T18:04:41+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== customers request: Array ( [email] => joycenillen@yahoo.com [description] => Name: Joyce Nillen, Guest [name] => Joyce Nillen [metadata] => Array ( ) ) ====End Log==== 2021-04-17T18:04:42+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Info: Begin processing payment for order 9405 for the amount of 25.96 ====End Log==== 2021-04-17T18:04:42+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== payment_intents request: Array ( [source] => src_1IhIVWLaN8oj4ayJigp45Mf3 [amount] => 2596 [currency] => usd [description] => Light My Safe - Order 22772 [metadata] => Array ( [customer_name] => Joyce Nillen [customer_email] => joycenillen@yahoo.com [order_id] => 22772 [site_url] => https://www.lightmysafe.com ) [capture_method] => automatic [payment_method_types] => Array ( [0] => card ) [customer] => cus_JJwO71o01oVKCe [statement_descriptor] => LIGHT MY SAFE, LLC [shipping] => Array ( [name] => Joyce Nillen [address] => Array ( [line1] => 31011 Still Oaks Ln [line2] => [city] => Spring [country] => US [postal_code] => 77386 [state] => TX ) ) ) ====End Log==== 2021-04-17T18:05:53+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Error Response: WP_Error Object ( [errors] => Array ( [http_request_failed] => Array ( [0] => cURL error 28: Operation timed out after 70000 milliseconds with 0 bytes received ) ) [error_data] => Array ( ) [additional_data:protected] => Array ( ) ) Failed request: Array ( [api] => payment_intents [request] => Array ( [source] => src_1IhIVWLaN8oj4ayJigp45Mf3 [amount] => 2596 [currency] => usd [description] => Light My Safe - Order 22772 [metadata] => Array ( [customer_name] => Joyce Nillen [customer_email] => joycenillen@yahoo.com [order_id] => 22772 [site_url] => https://www.lightmysafe.com ) [capture_method] => automatic [payment_method_types] => Array ( [0] => card ) [customer] => cus_JJwO71o01oVKCe [statement_descriptor] => LIGHT MY SAFE, LLC [shipping] => Array ( [name] => Joyce Nillen [address] => Array ( [line1] => 31011 Still Oaks Ln [line2] => [city] => Spring [country] => US [postal_code] => 77386 [state] => TX ) ) ) [idempotency_key] => ) ====End Log==== 2021-04-17T18:05:53+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Error: WP_Error Object ( [errors] => Array ( [http_request_failed] => Array ( [0] => cURL error 28: Operation timed out after 70000 milliseconds with 0 bytes received ) ) [error_data] => Array ( ) [additional_data:protected] => Array ( ) ) ====End Log==== 2021-04-17T21:55:16+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Error: Unable to verify domain - cURL error 35: SSL connect error ====End Log==== 2021-04-17T21:55:43+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Error: Unable to verify domain - cURL error 35: SSL connect error ====End Log==== 2021-04-25T01:37:27+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== sources/src_1IjwuWLaN8oj4ayJqztQW0Eq ====End Log==== 2021-04-25T01:37:28+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== customers request: Array ( [email] => lloydjm87735@gmail.com [description] => Name: Joshua Lloyd, Guest [name] => Joshua Lloyd [metadata] => Array ( ) ) ====End Log==== 2021-04-25T01:37:29+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Info: Begin processing payment for order 9861 for the amount of 67.41 ====End Log==== 2021-04-25T01:37:29+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== payment_intents request: Array ( [source] => src_1IjwuWLaN8oj4ayJqztQW0Eq [amount] => 6741 [currency] => usd [description] => Light My Safe - Order 22783 [metadata] => Array ( [customer_name] => Joshua Lloyd [customer_email] => lloydjm87735@gmail.com [order_id] => 22783 [site_url] => https://www.lightmysafe.com ) [capture_method] => automatic [payment_method_types] => Array ( [0] => card ) [customer] => cus_JMgHueqPvXNYj4 [statement_descriptor] => LIGHT MY SAFE, LLC [shipping] => Array ( [name] => Joshua Lloyd [address] => Array ( [line1] => 735 West Chapel Drive [line2] => [city] => Bumpass [country] => US [postal_code] => 23024 [state] => VA ) ) ) ====End Log==== 2021-04-25T01:37:31+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Stripe PaymentIntent pi_1IjwudLaN8oj4ayJ2czGCrrS initiated for order 9861 ====End Log==== 2021-04-25T01:37:31+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== payment_intents/pi_1IjwudLaN8oj4ayJ2czGCrrS/confirm request: Array ( [source] => src_1IjwuWLaN8oj4ayJqztQW0Eq ) ====End Log==== 2021-04-25T01:37:34+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Stripe PaymentIntent pi_1IjwudLaN8oj4ayJ2czGCrrS succeeded for order 9861 ====End Log==== 2021-04-25T01:37:34+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Processing response: stdClass Object ( [id] => ch_1IjwueLaN8oj4ayJhKytz6OP [object] => charge [amount] => 6741 [amount_captured] => 6741 [amount_refunded] => 0 [application] => [application_fee] => [application_fee_amount] => [balance_transaction] => txn_1IjwufLaN8oj4ayJ6M1CLoJO [billing_details] => stdClass Object ( [address] => stdClass Object ( [city] => Bumpass [country] => US [line1] => 735 West Chapel Drive [line2] => [postal_code] => 23024 [state] => VA ) [email] => lloydjm87735@gmail.com [name] => Joshua Lloyd [phone] => 8043665608 ) [calculated_statement_descriptor] => LIGHT MY SAFE, LLC [captured] => 1 [created] => 1619314652 [currency] => usd [customer] => cus_JMgHueqPvXNYj4 [description] => Light My Safe - Order 22783 [destination] => [dispute] => [disputed] => [failure_code] => [failure_message] => [fraud_details] => stdClass Object ( ) [invoice] => [livemode] => 1 [metadata] => stdClass Object ( [customer_name] => Joshua Lloyd [customer_email] => lloydjm87735@gmail.com [order_id] => 22783 [site_url] => https://www.lightmysafe.com ) [on_behalf_of] => [order] => [outcome] => stdClass Object ( [network_status] => approved_by_network [reason] => [risk_level] => normal [seller_message] => Payment complete. [type] => authorized ) [paid] => 1 [payment_intent] => pi_1IjwudLaN8oj4ayJ2czGCrrS [payment_method] => src_1IjwuWLaN8oj4ayJqztQW0Eq [payment_method_details] => stdClass Object ( [card] => stdClass Object ( [brand] => visa [checks] => stdClass Object ( [address_line1_check] => pass [address_postal_code_check] => pass [cvc_check] => pass ) [country] => US [exp_month] => 10 [exp_year] => 2023 [fingerprint] => uX3MQuWxGSmWp2Me [funding] => debit [installments] => [last4] => 9226 [network] => visa [three_d_secure] => [wallet] => ) [type] => card ) [receipt_email] => [receipt_number] => [receipt_url] => https://pay.stripe.com/receipts/acct_156BO7LaN8oj4ayJ/ch_1IjwueLaN8oj4ayJhKytz6OP/rcpt_JMgHVsrBo3qlMMFbdJpkjyjP6bw531O [refunded] => [refunds] => stdClass Object ( [object] => list [data] => Array ( ) [has_more] => [total_count] => 0 [url] => /v1/charges/ch_1IjwueLaN8oj4ayJhKytz6OP/refunds ) [review] => [shipping] => stdClass Object ( [address] => stdClass Object ( [city] => Bumpass [country] => US [line1] => 735 West Chapel Drive [line2] => [postal_code] => 23024 [state] => VA ) [carrier] => [name] => Joshua Lloyd [phone] => [tracking_number] => ) [source] => stdClass Object ( [id] => src_1IjwuWLaN8oj4ayJqztQW0Eq [object] => source [amount] => [card] => stdClass Object ( [exp_month] => 10 [exp_year] => 2023 [last4] => 9226 [country] => US [brand] => Visa [address_line1_check] => pass [address_zip_check] => pass [cvc_check] => pass [funding] => debit [fingerprint] => uX3MQuWxGSmWp2Me [three_d_secure] => optional [name] => [tokenization_method] => [dynamic_last4] => ) [client_secret] => src_client_secret_mKUo0uaOE2CjiExXjpNwBzdh [created] => 1619314653 [currency] => [flow] => none [livemode] => 1 [metadata] => stdClass Object ( ) [owner] => stdClass Object ( [address] => stdClass Object ( [city] => Bumpass [country] => US [line1] => 735 West Chapel Drive [line2] => [postal_code] => 23024 [state] => VA ) [email] => lloydjm87735@gmail.com [name] => Joshua Lloyd [phone] => 8043665608 [verified_address] => [verified_email] => [verified_name] => [verified_phone] => ) [statement_descriptor] => [status] => consumed [type] => card [usage] => reusable ) [source_transfer] => [statement_descriptor] => LIGHT MY SAFE, LLC [statement_descriptor_suffix] => [status] => succeeded [transfer_data] => [transfer_group] => ) ====End Log==== 2021-04-25T01:37:34+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== balance/history/txn_1IjwufLaN8oj4ayJ6M1CLoJO ====End Log==== 2021-04-25T04:40:09+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== sources/src_1IjzlJLaN8oj4ayJdx2eFhR7 ====End Log==== 2021-04-25T04:40:11+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== customers request: Array ( [email] => ralph@rlsanford.ca [description] => Name: Ralph Sanford, Guest [name] => Ralph Sanford [metadata] => Array ( ) ) ====End Log==== 2021-04-25T04:40:12+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Info: Begin processing payment for order 9862 for the amount of 101.18 ====End Log==== 2021-04-25T04:40:12+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== payment_intents request: Array ( [source] => src_1IjzlJLaN8oj4ayJdx2eFhR7 [amount] => 10118 [currency] => usd [description] => Light My Safe - Order 22784 [metadata] => Array ( [customer_name] => Ralph Sanford [customer_email] => ralph@rlsanford.ca [order_id] => 22784 [site_url] => https://www.lightmysafe.com ) [capture_method] => automatic [payment_method_types] => Array ( [0] => card ) [customer] => cus_JMjDGV5zOVuq1R [statement_descriptor] => LIGHT MY SAFE, LLC [shipping] => Array ( [name] => Ralph Sanford [address] => Array ( [line1] => 612 68 Avenue NW [line2] => [city] => Calgary [country] => CA [postal_code] => T2K 0N1 [state] => AB ) ) ) ====End Log==== 2021-04-25T04:40:13+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Stripe PaymentIntent pi_1IjzlRLaN8oj4ayJ4WkvrtSG initiated for order 9862 ====End Log==== 2021-04-25T04:40:13+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== payment_intents/pi_1IjzlRLaN8oj4ayJ4WkvrtSG/confirm request: Array ( [source] => src_1IjzlJLaN8oj4ayJdx2eFhR7 ) ====End Log==== 2021-04-25T04:40:15+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Stripe PaymentIntent pi_1IjzlRLaN8oj4ayJ4WkvrtSG succeeded for order 9862 ====End Log==== 2021-04-25T04:40:15+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Processing response: stdClass Object ( [id] => ch_1IjzlSLaN8oj4ayJa2iVzgKW [object] => charge [amount] => 10118 [amount_captured] => 10118 [amount_refunded] => 0 [application] => [application_fee] => [application_fee_amount] => [balance_transaction] => txn_1IjzlTLaN8oj4ayJvRWNsgml [billing_details] => stdClass Object ( [address] => stdClass Object ( [city] => Calgary [country] => CA [line1] => 612 68 Avenue NW [line2] => [postal_code] => T2K 0N1 [state] => AB ) [email] => ralph@rlsanford.ca [name] => Ralph Sanford [phone] => 4036609969 ) [calculated_statement_descriptor] => LIGHT MY SAFE, LLC [captured] => 1 [created] => 1619325614 [currency] => usd [customer] => cus_JMjDGV5zOVuq1R [description] => Light My Safe - Order 22784 [destination] => [dispute] => [disputed] => [failure_code] => [failure_message] => [fraud_details] => stdClass Object ( ) [invoice] => [livemode] => 1 [metadata] => stdClass Object ( [customer_name] => Ralph Sanford [customer_email] => ralph@rlsanford.ca [order_id] => 22784 [site_url] => https://www.lightmysafe.com ) [on_behalf_of] => [order] => [outcome] => stdClass Object ( [network_status] => approved_by_network [reason] => [risk_level] => normal [seller_message] => Payment complete. [type] => authorized ) [paid] => 1 [payment_intent] => pi_1IjzlRLaN8oj4ayJ4WkvrtSG [payment_method] => src_1IjzlJLaN8oj4ayJdx2eFhR7 [payment_method_details] => stdClass Object ( [card] => stdClass Object ( [brand] => visa [checks] => stdClass Object ( [address_line1_check] => pass [address_postal_code_check] => pass [cvc_check] => pass ) [country] => CA [exp_month] => 12 [exp_year] => 2023 [fingerprint] => tyNgZW4ajYdD9uFa [funding] => credit [installments] => [last4] => 5113 [network] => visa [three_d_secure] => [wallet] => ) [type] => card ) [receipt_email] => [receipt_number] => [receipt_url] => https://pay.stripe.com/receipts/acct_156BO7LaN8oj4ayJ/ch_1IjzlSLaN8oj4ayJa2iVzgKW/rcpt_JMjDjWskkLxJwdvsW2YoodB8q1Czb6R [refunded] => [refunds] => stdClass Object ( [object] => list [data] => Array ( ) [has_more] => [total_count] => 0 [url] => /v1/charges/ch_1IjzlSLaN8oj4ayJa2iVzgKW/refunds ) [review] => [shipping] => stdClass Object ( [address] => stdClass Object ( [city] => Calgary [country] => CA [line1] => 612 68 Avenue NW [line2] => [postal_code] => T2K 0N1 [state] => AB ) [carrier] => [name] => Ralph Sanford [phone] => [tracking_number] => ) [source] => stdClass Object ( [id] => src_1IjzlJLaN8oj4ayJdx2eFhR7 [object] => source [amount] => [card] => stdClass Object ( [exp_month] => 12 [exp_year] => 2023 [last4] => 5113 [country] => CA [brand] => Visa [address_line1_check] => pass [address_zip_check] => pass [cvc_check] => pass [funding] => credit [fingerprint] => tyNgZW4ajYdD9uFa [three_d_secure] => optional [name] => [tokenization_method] => [dynamic_last4] => ) [client_secret] => src_client_secret_UisPsYhUseJAbcX9at145AQK [created] => 1619325615 [currency] => [flow] => none [livemode] => 1 [metadata] => stdClass Object ( ) [owner] => stdClass Object ( [address] => stdClass Object ( [city] => Calgary [country] => CA [line1] => 612 68 Avenue NW [line2] => [postal_code] => T2K 0N1 [state] => AB ) [email] => ralph@rlsanford.ca [name] => Ralph Sanford [phone] => 4036609969 [verified_address] => [verified_email] => [verified_name] => [verified_phone] => ) [statement_descriptor] => [status] => consumed [type] => card [usage] => reusable ) [source_transfer] => [statement_descriptor] => LIGHT MY SAFE, LLC [statement_descriptor_suffix] => [status] => succeeded [transfer_data] => [transfer_group] => ) ====End Log==== 2021-04-25T04:40:15+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== balance/history/txn_1IjzlTLaN8oj4ayJvRWNsgml ====End Log==== 2021-04-25T12:47:50+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Your domain has been verified with Apple Pay! ====End Log==== 2021-04-25T13:01:45+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Your domain has been verified with Apple Pay! ====End Log==== 2021-04-25T14:46:55+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== sources/src_1Ik9EXLaN8oj4ayJLpQu124U ====End Log==== 2021-04-25T14:46:56+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== customers request: Array ( [email] => yjcrawler1@me.com [description] => Name: Ben Smith, Guest [name] => Ben Smith [metadata] => Array ( ) ) ====End Log==== 2021-04-25T14:46:57+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Info: Begin processing payment for order 9863 for the amount of 66.71 ====End Log==== 2021-04-25T14:46:57+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== payment_intents request: Array ( [source] => src_1Ik9EXLaN8oj4ayJLpQu124U [amount] => 6671 [currency] => usd [description] => Light My Safe - Order 22785 [metadata] => Array ( [customer_name] => Ben Smith [customer_email] => yjcrawler1@me.com [order_id] => 22785 [site_url] => https://www.lightmysafe.com ) [capture_method] => automatic [payment_method_types] => Array ( [0] => card ) [customer] => cus_JMt0Q61Pi2GIsk [statement_descriptor] => LIGHT MY SAFE, LLC [shipping] => Array ( [name] => Ben Smith [address] => Array ( [line1] => 5821 Nunatak Pl [line2] => [city] => Las Cruces [country] => US [postal_code] => 88012 [state] => NM ) ) ) ====End Log==== 2021-04-25T14:47:08+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Error Response: WP_Error Object ( [errors] => Array ( [http_request_failed] => Array ( [0] => cURL error 28: Operation timed out after 10005 milliseconds with 0 out of 0 bytes received ) ) [error_data] => Array ( ) [additional_data:protected] => Array ( ) ) Failed request: Array ( [api] => payment_intents [request] => Array ( [source] => src_1Ik9EXLaN8oj4ayJLpQu124U [amount] => 6671 [currency] => usd [description] => Light My Safe - Order 22785 [metadata] => Array ( [customer_name] => Ben Smith [customer_email] => yjcrawler1@me.com [order_id] => 22785 [site_url] => https://www.lightmysafe.com ) [capture_method] => automatic [payment_method_types] => Array ( [0] => card ) [customer] => cus_JMt0Q61Pi2GIsk [statement_descriptor] => LIGHT MY SAFE, LLC [shipping] => Array ( [name] => Ben Smith [address] => Array ( [line1] => 5821 Nunatak Pl [line2] => [city] => Las Cruces [country] => US [postal_code] => 88012 [state] => NM ) ) ) [idempotency_key] => ) ====End Log==== 2021-04-25T14:47:08+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Error: WP_Error Object ( [errors] => Array ( [http_request_failed] => Array ( [0] => cURL error 28: Operation timed out after 10005 milliseconds with 0 out of 0 bytes received ) ) [error_data] => Array ( ) [additional_data:protected] => Array ( ) ) ====End Log==== 2021-04-25T14:47:51+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== sources/src_1Ik9FQLaN8oj4ayJNh69u4Em ====End Log==== 2021-04-25T14:47:53+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== customers request: Array ( [email] => yjcrawler1@me.com [description] => Name: Ben Smith, Guest [name] => Ben Smith [metadata] => Array ( ) ) ====End Log==== 2021-04-25T14:47:54+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Info: Begin processing payment for order 9863 for the amount of 66.71 ====End Log==== 2021-04-25T14:47:54+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== payment_intents request: Array ( [source] => src_1Ik9FQLaN8oj4ayJNh69u4Em [amount] => 6671 [currency] => usd [description] => Light My Safe - Order 22785 [metadata] => Array ( [customer_name] => Ben Smith [customer_email] => yjcrawler1@me.com [order_id] => 22785 [site_url] => https://www.lightmysafe.com ) [capture_method] => automatic [payment_method_types] => Array ( [0] => card ) [customer] => cus_JMt1GQZtDRRBV6 [statement_descriptor] => LIGHT MY SAFE, LLC [shipping] => Array ( [name] => Ben Smith [address] => Array ( [line1] => 5821 Nunatak Pl [line2] => [city] => Las Cruces [country] => US [postal_code] => 88012 [state] => NM ) ) ) ====End Log==== 2021-04-25T14:48:04+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Error Response: WP_Error Object ( [errors] => Array ( [http_request_failed] => Array ( [0] => cURL error 28: Operation timed out after 10005 milliseconds with 0 out of 0 bytes received ) ) [error_data] => Array ( ) [additional_data:protected] => Array ( ) ) Failed request: Array ( [api] => payment_intents [request] => Array ( [source] => src_1Ik9FQLaN8oj4ayJNh69u4Em [amount] => 6671 [currency] => usd [description] => Light My Safe - Order 22785 [metadata] => Array ( [customer_name] => Ben Smith [customer_email] => yjcrawler1@me.com [order_id] => 22785 [site_url] => https://www.lightmysafe.com ) [capture_method] => automatic [payment_method_types] => Array ( [0] => card ) [customer] => cus_JMt1GQZtDRRBV6 [statement_descriptor] => LIGHT MY SAFE, LLC [shipping] => Array ( [name] => Ben Smith [address] => Array ( [line1] => 5821 Nunatak Pl [line2] => [city] => Las Cruces [country] => US [postal_code] => 88012 [state] => NM ) ) ) [idempotency_key] => ) ====End Log==== 2021-04-25T14:48:04+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Error: WP_Error Object ( [errors] => Array ( [http_request_failed] => Array ( [0] => cURL error 28: Operation timed out after 10005 milliseconds with 0 out of 0 bytes received ) ) [error_data] => Array ( ) [additional_data:protected] => Array ( ) ) ====End Log==== 2021-04-27T03:48:41+00:00 DEBUG ====Stripe Version: 5.1.0==== ====Start Log==== Stripe Payment Request live mode requires SSL. ====End Log==== }}}" nilltech Tickets Awaiting Review 55610 HTTP response should not be 200 when returning error-page HTTP API normal major Awaiting Review defect (bug) new 2022-04-23T09:21:41Z 2022-11-29T17:24:50Z "Current behavior: When WordPress web site was under high concurrency access, the database connections may reach the limitation of the system resource. WordPress was still returning 200 of HTTP response code when database connection error happens. The page with error information as: Error establishing a database connection This either means that the username and password information in your wp-config.php file is incorrect or we can't contact the database server at dbhost. This could mean your host's database server is down. Expected behavior: Returns HTTP code with 500 or other error codes to indicate error happens, when showing error pages." april213 Unpatched Bugs 48432 WordPress updates broken with proxy and non routed environment HTTP API 5.2.4 normal major Future Release defect (bug) reopened 2019-10-25T11:41:39Z 2022-02-17T17:05:29Z "Hi, This change [46475] broke updates when you're using proxy and you don't have DNS resolution/routing for the outside world. (like corporate networks) Issue came up with this url https://downloads.wordpress.org/plugin/multiple-domain.zip parsed_url: {{{ Array( [scheme] => https [host] => downloads.wordpress.org [path] => /plugin/multiple-domain.zip ) }}} I think it worked before because {{{ if ( empty( $parsed_url['port'] ) ) { return $url; } }}} returned the URL and not false. I tested changing it back to {{{ $ip = false;}}} and I was able to update plugins." sooslaca Tickets Awaiting Review 40502 Add the check version and template attributes method for /themes/update-check/1.1/ API HTTP API 4.7.4 normal normal Awaiting Review defect (bug) new 2017-04-20T19:55:09Z 2017-04-20T19:55:09Z "I created a child theme for work, but WordPress noticed me that new theme has an update. That is so weird. So I traced the code and found that problem is API(api.wordpress.org/themes/update-check/1.1/) did not check the whole theme's info between local and WordPress DB. Here is my steps: 1. install the base theme named `site` 2. create a child theme named `royal` 3. add theme info in royal/style.css and royal/functions.php style.css: /* Theme Name: Royal Author: Knockers Version: 1.0 Template: site */ functions.php: 4. login to wp-admin/themes.php and the update notice shows up! I think the API must check the `Theme Name`, `Version`, `Author` and `Template` attributes at least and make sure the theme package is current belong to someone." mxp Tickets Awaiting Review 51767 Broken logic for `https_local_ssl_verify` filter due to missing `local` argument HTTP API 4.6 normal normal Awaiting Review defect (bug) new 2020-11-13T09:29:11Z 2020-11-13T09:29:11Z "When the Requests library was merged in WP 4.6, the `local` element in the `$args` array of an HTTP API request was removed. The logic for the `https_local_ssl_verify` filter relies on this argument being present and therefore doesn't behave properly. To reproduce, perform an HTTP API request to `home_url()` and verify that the `https_local_ssl_verify` filter does not get triggered. Introduced in [37428]." johnbillion Tickets Awaiting Review 60788 Content-Disposition support in download_url() seems broken HTTP API 6.4.3 normal normal Awaiting Review defect (bug) new 2024-03-16T01:12:30Z 2024-03-16T01:12:30Z " In https://core.trac.wordpress.org/changeset/51939 a change was made to resolve ticket https://core.trac.wordpress.org/ticket/38231 to make `download_url()` use the `Content-Disposition` header to specify the name of the downloaded file. I realize I'm a bit late to the party here since the ticket was opened more than 7 years ago and the change was made more than 2 years ago, but I think that this change was flawed and needs to be reconsidered (and possibly reverted entirely). The way it was implemented seems fundamentally broken and has the effect of making `download_url()` basically impossible to use reliably. Consider the following simple PHP script named `echo.php`: {{{#!php handle, CURLOPT_PROXY, 'proxy.xxx.de' ); curl_setopt( $this->handle, CURLOPT_PROXYPORT, 80 ); curl_exec($this->handle); }}} " einxperiment Tickets Awaiting Review 34924 Network upgrade fails on tls 1.2 only servers HTTP API 2.7 normal normal Awaiting Review defect (bug) new 2015-12-09T01:37:03Z 2018-07-16T19:56:09Z "Setup: Nginx 1.9.7 on Centos 7.1 with cURL 7.29 SSL configured with 'ssl_protocols TLSv1.2' only because Firefox does only accept TLS 1.2 for http/2 Symptom: After upgrading from WordPress 4.3 to 4.4 the network upgrade fails with error message: 'Your server may not be able to connect to sites running on it. Error message: TCP connection reset by peer' Test: Setting 'curl_setopt ( $handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1 );' in WP_Http_Curl::request solves the issue This is definitely an issue with older cURL versions. cURL 7.45 works well as reported by @dd32. Suggestion: Conditionally set CURLOPT_SSLVERSION if the first connect over https fails. Hint: Since WP_Http_Curl has been introduced in WordPress 2.7.0 I guess all version since 2.7.0 are affected. " mensmaximus Tickets Awaiting Review 41608 Post files using cURL HTTP API 4.6 normal normal Awaiting Review defect (bug) new 2017-08-11T06:58:35Z 2017-08-11T09:23:40Z "It's impossible to post files by http using cURL via the WordPress API. If you look at the code in the ''setup_handle'' method in ''Requests_Transport_cURL'' class found in the ''/wp-includes/Requests/Transport/cURL.php'' file, you'll see that the POST data is always converted to a string using the PHP ''http_build_query'' function. However, according to the PHP manual at [http://www.php.net/manual/en/function.curl-setopt.php], the value passed to CURLOPT_POSTFIELDS must be an array if files are passed to this option. " codealfa Tickets Awaiting Review 49203 Requests::request_multiple() does not honor $auth option HTTP API 5.4 normal normal Awaiting Review defect (bug) new 2020-01-15T13:40:53Z 2020-02-05T06:52:49Z "If individual requests have an option for `$auth`, the authentication `CURLOPT`s don't get set as `curl.before_send` is never dispatched. Manually setting an 'Authorization' header overcomes this limitation. I suspect this is not intended behaviour however, cf. documentation in #48349." alpipego Tickets Awaiting Review 40784 WP_HTTP_IXR_Client constructor needs to check that $server is valid HTTP API 4.7.4 normal normal Awaiting Review defect (bug) new has-patch 2017-05-17T12:11:28Z 2017-08-04T22:03:31Z "ErrorException is thrown: {{{Undefined index: host}}} and {{{Undefined index: scheme }}} When WP_HTTP_IXR_Client is instantiated in {{{pingback()}}}, {{{$path}}} is checked, but {{{$server}}} may still be invalid or false, which sends an invalid URL to {{{parse_url()}}}. Instantiation: {{{ $client = new WP_HTTP_IXR_Client($pingback_server_url); }}} Excerpt from class: {{{#!php scheme = $bits['scheme']; $this->server = $bits['host']; ... }}} In the code that instantiates {{{WP_HTTP_IXR_Client}}}, it is clear that {{{discover_pingback_server_uri}}} could return false, which then gets passed as a constructor parameter. Relevant code block: {{{ $pingback_server_url = discover_pingback_server_uri( $pagelinkedto ); if ( $pingback_server_url ) { @ set_time_limit( 60 ); // Now, the RPC call $pagelinkedfrom = get_permalink( $post ); // using a timeout of 3 seconds should be enough to cover slow servers $client = new WP_HTTP_IXR_Client($pingback_server_url); $client->timeout = 3; }}} Possible resolution: {{{filter_var($server, FILTER_VALIDATE_URL) }}} should be used to test the URL prior to {{{parse_url($server)}}}" chrispecoraro Tickets Awaiting Review 60564 download_url() always returns error_code 'http_404' for any non-200 responses HTTP API 6.4.3 normal normal Awaiting Review defect (bug) new 2024-02-16T20:45:22Z 2024-02-16T20:45:22Z "Expected: Return WP_Error code ""http_406"" if a 406 occurs while downloading the URL. Return WP_Error code ""http_500"" if a 500 occurs while downloading the URL. ... Actually doing it wrong: download_url() always returns WP_Error code ""http_404"" on any non-200 status. {{{ object(WP_Error)#11262 (3) { [""errors""]=> array(1) { [""http_404""]=> array(1) { [0]=> string(14) ""Not Acceptable"" } } [""error_data""]=> array(1) { [""http_404""]=> array(2) { [""code""]=> int(406) [""body""]=> string(0) """" } } [""additional_data"":protected]=> array(0) { } } }}} see https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/file.php#L1214 {{{#!php tries connecting to proxy with tls, fail. - http://api.wordpress.org/ -> works HTTP proxy with TLS: - https://api.wordpress.org/ -> (probably? -- haven't tried) works - http://api.wordpress.org/ -> tries connecting to proxy without tls, fail. " flameeyes Tickets Awaiting Review 50288 fsockopen request turns off SNI when it shouldn't HTTP API 5.4.1 normal normal Awaiting Review defect (bug) new 2020-05-31T10:11:29Z 2020-05-31T10:11:29Z "I have a multisite setup where there are 3 domains in the same server. The network upgrade button fails every time with this sort of error: {{{ Warning! Problem updating https://example.com. Your server may not be able to connect to sites running on it. Error message: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure stream_socket_client(): Failed to enable crypto stream_socket_client(): unable to connect to ssl://example.com:443 (Unknown error) }}} The issue is that my sites use SNI and the upgrade setup doesn't enable SNI because verification is turned off. The bug can be traced to fsockopen transport in wp-includes/Requests/Transport/fsockopen.php line 444. {{{#!php =0.9.8j) if (defined('OPENSSL_TLSEXT_SERVER_NAME') && OPENSSL_TLSEXT_SERVER_NAME) { $context_options['SNI_enabled'] = true; if (isset($options['verifyname']) && $options['verifyname'] === false) { $context_options['SNI_enabled'] = false; } } }}} If you have verifyname option set to false then SNI is not enabled. However you need SNI on for this to work anyway. The work-around is to comment out the $context_options['SNI_enabled'] = false; line and it the network upgrade works fine." csmall2 Tickets Awaiting Review 44174 wp_get_http_headers does not return status code or follow redirects HTTP API 4.9.6 normal normal Awaiting Review defect (bug) new 2018-05-21T13:13:02Z 2018-05-21T13:13:02Z "wp_get_http_headers performs an HTTP HEAD request and returns a simple success or failure code. This function is listed as part of the ""HTTP API"" on https://codex.wordpress.org/Function_Reference. If the target resource issues a redirect, it is not followed, nor is the specific redirect code returned. It is possible to check for the Location header & follow the redirect manually. But wp_get_http_headers should, at least optionally, process redirects. It should also return the HTTP status code and message. One way to do this would be the Apache model - provide a Status pseudo-header in the response (e.g. 'Status' => '200 OK') If a WordPress resource returns a 404 code, the result is 'success' with an HTML page suitable for humans - HEAD, of course, simply says content-type: text/html. This is indistinguishable from 200 for the page. The underlying wp_safe_remote_head API seems to return the status, but it's not returned from wp_get_http_headers. Note that wp_safe_remote_head is not listed on the function reference page, so I assume is not intended for public use. (If context matters, I'm using it to implement a shortcode in a plugin.) I'm leaving this as a ""bug"" since failure to provide status prevents a caller from detecting errors and correctly processing a response." tlhackque Tickets Awaiting Review 49385 wp_remote_get() cannot retrieve webcal URIs HTTP API normal normal Awaiting Review defect (bug) new needs-unit-tests 2020-02-07T18:33:22Z 2020-02-07T19:11:06Z "In #31666, `webcal` was added to the list of allowed protocols. Unfortunately this does not bubble up into the HTTP API for remote requests, and `wp_remote_get()` on a `webcal://` URI will fail with: {{{ object(WP_Error)[532] public 'errors' => array (size=1) 'http_request_failed' => array (size=1) 0 => string 'A valid URL was not provided.' (length=29) public 'error_data' => array (size=0) empty }}} Here is my proof-of-concept to show off the failure: {{{ add_action( 'plugins_loaded', function() { // Public iCloud calendar I created $uri = 'webcal://p41-caldav.icloud.com/published/2/AAAAAAAAAAAAAAAAAAAAAF-eqSypTVlehAPwNTiPeHHBkTEvCi1qK6G4LDcU1Fr6AKLM-yaJrbRrhSSGMrjSbAxJZJ6TibzOCKLh0xBSpKI'; // Regular remote get call $get = wp_remote_get( $uri ); // Dump results var_dump( $get ); die; } ); }}}" johnjamesjacoby Tickets Awaiting Review 47483 Add filters for included CA bundle path HTTP API normal normal Awaiting Review enhancement new has-patch 2019-06-05T07:31:23Z 2021-10-14T16:21:24Z "Allow overriding of CA bundle path. See also #45807" skithund Tickets Awaiting Review 39695 Add preload headers in redirects HTTP API normal normal Awaiting Review enhancement new needs-unit-tests 2017-01-25T22:09:45Z 2017-02-27T09:32:49Z "http2 push enabled servers can immediately push linked assets or documents for the client. This saves clients from one round-trip. At the moment at least Cloudflare and h2o web server can http2 server push assets defined in Link headers: https://www.w3.org/TR/preload/#server-push-http-2. I believe more will follow in the next few years. WordPress powers so much of the web that it's our responsibility to try to make it as fast as we can. This is usually quite hard topic because we have no idea what is stored in the client browser cache. We can start implementing the Link preload headers in internal redirects because in that situation it's quite obvious that the client wants to make that request as their next one. This is what I want to achieve {{{ $ curl --http2 -i https://wordpress.test/wp-admin/ HTTP/2 302 ... Location: https://laextra.test/wp-login.php?redirect_to=https%3A%2F%2Flaextra.test%2Fwp-admin%2F&reauth=1 Link: ; rel=preload; as=document }}} I created a patch which adds these headers automatically in '''wp_redirect()''' function. Links about http2 server push: https://blog.cloudflare.com/announcing-support-for-http-2-server-push-2/ https://h2o.examp1e.net/configure/http2_directives.html" onnimonni Tickets Awaiting Review 60658 Set http_build_query as an option to Curl class HTTP API 6.4.3 normal normal Awaiting Review enhancement new 2024-02-29T09:46:40Z 2024-02-29T09:46:40Z "I had a problem integrating an API, as explained in this [[https://stackoverflow.com/questions/78075910/reduce-the-parameters-of-wordpress-curl/78080020|Stack Overflow question]]. I was requesting that an option (e.g. `'query_body' => true` by default) be added to `$args` in `class WP_Http`. The option would affect `class Curl` under `function setup_handle` where `$data = http_build_query($data, '', '&');` It would then look like (or similar): class-wp-http.php (line 206): {{{#!php 'body' => null, 'query_body' => true, 'compress' => false, }}} class-wp-http.php (line 322): {{{#!php $options = array( 'query_body' => $parsed_args['query_body'], 'timeout' => $parsed_args['timeout'], }}} Curl.php (line 393): {{{#!php } elseif (!is_string($data)) { $data = $options['query_body'] ? http_build_query($data, '', '&') : $data; } }}} When I make these changes to my copy of WordPress, the API works and it does not affect the rest of the core." elzix Tickets Awaiting Review 40142 WP Remote Remaining Methods HTTP API 2.7 normal normal Awaiting Review enhancement new needs-unit-tests 2017-03-13T16:46:43Z 2023-04-19T19:43:33Z "While we have `wp_remote_post()` and `wp_remote_get` I would like to see helper functions for the remaining HTTP Methods. These can be very useful working with third-party APIs, and as the Rest API becomes more important. '''Requested Functions:''' `wp_remote_delete()` `wp_remote_put()` `wp_remote_trace()` `wp_remote_get_head()` `wp_remote_get_options()` `wp_remote_connect()` Further Reading: https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html" bhubbard Tickets Awaiting Review 52631 ability to override http 'connect_timeout' HTTP API 5.6.2 normal normal Awaiting Review enhancement new 2021-02-23T20:29:47Z 2022-06-09T12:07:36Z The default is 10s which is too long for my usage. Ability to override in the same manner 'timeout' can be overridden. bdanchilla Tickets Awaiting Review 59708 get_allowed_http_origins(): Default list only HTTPS HTTP API normal normal Awaiting Review enhancement new has-patch 2023-10-23T17:28:41Z 2023-10-23T17:32:13Z https://core.trac.wordpress.org/changeset/20794 was when this was introduced. Is it worth revisiting to see if `http` protocols are still needed in 2023? rebasaurus Tickets Awaiting Review 59021 Is there a way to monitor active connection initiated by cron and other running script (similar to netstat in windows) HTTP API normal normal Awaiting Review feature request new 2023-08-09T11:24:27Z 2023-08-09T11:33:25Z Is there a way to monitor active connection initiated by cron and other running script (similar to netstat in windows) and if possible to terminate or block specific outbound connection/IP. havoc2k7 Tickets Awaiting Review 42839 wp_remote_post should support multipart uploads HTTP API normal normal Awaiting Review feature request new 2017-12-08T13:49:32Z 2020-01-22T11:05:19Z Currently `wp_remote_post` doesn't support multipart uploads (file uploads). Because of this many plugin authors need to workaround this by implementing their own way to upload files remotely. calin Candidates for Closure 48124 Cant disable SSL verification when using Requests::request_multiple HTTP API 5.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2019-09-24T12:02:11Z 2019-10-15T18:52:03Z "When using the Requests::request_multiple method, it is not possible to disable SSL verification using verify or verifyname. setup_handle in wp-includes/Requests/Transport/cURL.php configures CURL options but does not configure any options for verify or verifyname. " Josh Stopper Candidates for Closure 47305 PHP Warning with PHP 7.3 HTTP API 5.2 normal normal Awaiting Review defect (bug) reopened reporter-feedback 2019-05-17T11:14:56Z 2020-04-24T00:27:00Z "My PHP version: 7.3 I can see following error in the error_log {{{ [17-May-2019 11:09:51 UTC] PHP Warning: http_build_query(): Parameter 1 expected to be Array or Object. Incorrect value given in /home/onnetsri/public_html/wp-includes/Requests/Transport/cURL.php on line 508 }}} Please make a fix for this issue" onlanka Candidates for Closure 39687 Request headers sent incorrectly from `WP_Http` to `Requests` HTTP API normal normal Awaiting Review defect (bug) new dev-feedback 2017-01-25T12:02:48Z 2017-01-27T08:51:23Z "While having a closer look at Requests (and also the way it is used in WP), I noticed something that appears to be a bug. The `$headers` variable that is passed from `WP_Http::request()` to `Requests::request()` is an array of `$key => $value` pairs where `$value` may be an array itself in case multiple values for that header have been passed to `WP_Http::request()`. However, the Requests library expects each `$value` of the `$headers` array to always be a string, as it uses `sprintf()` with it directly (the passed `$headers` array is sent through `Requests::flatten()`). This can cause issues when specifying multiple headers of the same name." flixos90 Candidates for Closure 51180 Unable to update any plugins HTTP API normal normal Awaiting Review defect (bug) new reporter-feedback 2020-08-28T17:26:20Z 2020-09-03T00:43:42Z Hello. After upgrading my WordPress on my WAMP server to version 5.5 I noticed I was unable to update any plugins. I found Ticket#34938 and the patch was not in this version of the mystore\wpadmin\include]\file.php. Maybe you could add this back in so others do not spend hours scratching their heads. fullermetric Candidates for Closure 39653 WP_Http_Cookie changes HTTP API normal normal Awaiting Review enhancement new reporter-feedback 2017-01-20T14:56:16Z 2017-01-20T15:30:30Z "1. The WordPress convention is to use underscores instead of camelCase for function and method change 2. add new param to return array in get_attributes method 3. change parse_url to wp_parse_url" sebastian.pisula Candidates for Closure 53938 replace core uses of wp_parse_url() with PHP's native parse_url() HTTP API normal normal Awaiting Review enhancement new close 2021-08-16T20:58:40Z 2021-08-17T16:38:31Z "[https://developer.wordpress.org/reference/functions/wp_parse_url/ wp_parse_url()] was introduced in #34408 to get around URL parsing failures of PHP's [https://www.php.net/manual/en/function.parse-url parse_url()] in PHP < 5.4.7. With the minimum supported PHP for core now 5.6.20, `wp_parse_url()` no longer seems necessary and `parse_url()` can be used directly. For background on this ticket, see the [https://wordpress.slack.com/archives/C02RQBWTW/p1629146151384100 slack thread]. " pbiron Tickets Needing Feedback 34796 Facing an issue when using wp_remote_get with streams (non-blocking mode) rmccue* HTTP API 4.3.1 normal normal defect (bug) accepted reporter-feedback 2015-11-26T22:45:06Z 2019-06-04T19:53:49Z "On some hosting providers (like wpengine.com) I've encountered an issue when using wp_remote_get with streams (non-blocking mode) which on the other hand uses PHP native functions stream_socket_client, stream_context_create and stream_set_blocking. The issue is that HTTP request (non-blocking) never succeed, it just hangs/stuck on the initial call of stream_socket_client and neither errors or exception are generated. I've investigated the issue deeper and it seems that many people over the Internet have it. The issue can be resolved after invoking stream_socket_client we put usleep(5000) and then stream_set_blocking($handler, 0). It seems that the initial time for stream_socket_client is not enough and that's why it needs more time in order to process the HTTP request. PHP Bugtracker https://bugs.php.net/bug.php?id=64803 WordPress 4.3.1 PHP 5.5 Is it possible to add additinal parameter on wp_remote_get or if there is any other way to achieve setting usleep parameter will help us to precisely configure HTTP requests. I am adding patch file" bangelov Tickets Needing Feedback 29619 Make WP_HTTP_BLOCK_EXTERNAL more easy to use HTTP API 2.8 normal normal enhancement new dev-feedback 2014-09-10T17:46:54Z 2019-06-04T19:46:22Z "Currently when defining WP_HTTP_BLOCK_EXTERNAL it blocks all requests which would mean that WordPress itself becomes unusable because it then will also blocks it own requests to WordPress.org. Also oEmbeds stop working because they can't get their data. My idea is to make an if statement like the localhost check to allow those requests. I do get that this constant is mainly for local development but would be great to have a easy way to have a semi locked down installation. So I'm curious what you guys think about this." markoheijnen Tickets with Patches 37705 Remove unnecessary parts of WP_HTTP which remain HTTP API normal normal defect (bug) new has-patch 2016-08-18T04:07:10Z 2019-06-04T20:01:04Z "After Requests was merged in WordPress 4.6, WP_HTTP now wraps it with a few of the previous classes remaining for compatibility. Some of these have significant code left in them which is no longer used, and we've still got the entire cURL and Streams WP_HTTP request classes in core. We should be able to remove a large percentage of these without too much issue. There's a chance that some developers have been using these classes directly, especially as a number of items were marked as public (due to how it was developed). I'd like to take the hardline approach and rip everything not needed out early, and restore compatibility shims where needed if it turns out developers were using things directly (incorrectly)." dd32 Tickets with Patches 53513 WP_Http ignores httpversion option HTTP API 4.6 normal normal Future Release defect (bug) assigned has-patch 2021-06-25T14:21:12Z 2023-04-11T13:00:58Z "[https://developer.wordpress.org/reference/classes/wp_http/request/ WP_Http::request()] uses the httpversion argument, which the documentation says will set the HTTP protocol version of the request. However when it calls [https://developer.wordpress.org/reference/classes/requests/request/ Requests::request()], the httpversion option is never passed. Instead, it uses protocol_version, as seen in [https://developer.wordpress.org/reference/classes/requests/get_default_options/ Requests::get_default_options()]. Yet there is no way to set protocol_version, and it always defaults to 1.1. It seems that httpversion is not actually used anywhere, and should be updated to protocol_version." cocreation Tickets with Patches 37459 Add additional layer in WP_Http to support parallel requests without requiring use of Requests directly HTTP API normal normal Future Release enhancement new has-patch 2016-07-25T12:46:20Z 2022-07-25T21:01:59Z "Follow-up to #33055. Requests supports parallel requests but we should provide this support through the existing WP_Http API. Some initial work was done by @wonderboymusic in [attachment:ticket:33055:33055.diff]." ocean90 Tickets with Patches 51770 Add unit tests for WP_Http_Cookie SergeyBiryukov HTTP API 5.2 normal normal Future Release enhancement reviewing has-patch 2020-11-13T14:25:27Z 2021-05-25T23:53:44Z "The class wasn't covered yet. We added these during contributor day at Yoast. Worked on this together with: https://profiles.wordpress.org/andizer https://profiles.wordpress.org/herregroen https://profiles.wordpress.org/lopo " andizer Tickets with Patches 45164 Added URL to error blocked requests SergeyBiryukov HTTP API 5.1 normal normal Future Release enhancement reviewing has-patch 2018-10-24T14:21:35Z 2023-12-06T16:12:24Z "Hello, i have set in wp-config.php: {{{#!php define( 'WP_HTTP_BLOCK_EXTERNAL', true ); define( 'WP_ACCESSIBLE_HOSTS', 'api.wordpress.org,downloads.wordpress.org' ); }}} When i installed plugin which need make request, i have error: ""User has blocked requests through HTTP."". If i want to add this host to whitelist, i dont know which host i should add, so i change error communicate to print URL. " wiuempe Tickets with Patches 25840 Feature Request: WP_ACCESSIBLE_HOSTS as option HTTP API 3.7.1 normal normal Future Release enhancement new has-patch 2013-11-05T21:46:14Z 2020-09-16T17:40:10Z "Currently WP_ACCESSIBLE_HOSTS is defined as a constant. It would be great if this is a wordpress option (or something equivalent) so you can change it at runtime. If you have a multisite installation and need to add domains to the whitelist you must reload the whole installation to enable them. Writing a simple plugin for this is also not possible since constants can not be redefined. My suggestion: 1) Store a site_option for mutlisites. This should contain a general whitelist for all blogs 2) Store a option per blog to contain additional whitelists for this single blog 3) Make it configurable via the admin interface (single textbox to enter the domains) 4) In the block_request function (https://github.com/WordPress/WordPress/blob/master/wp-includes/class-http.php#L507) the 2 options should be merged and handled like the constant This way you could manage the whitelist at runtime. What do you think about this? Chris" xFireFartx Tickets with Patches 39043 HTTP API :: Its Not Possible To Send Data In Body For GET Requests rmccue HTTP API 4.7 normal normal Future Release enhancement assigned dev-feedback 2016-12-04T03:59:27Z 2017-10-02T11:28:09Z "Currently there is no way to send data in the body of GET requests using the HTTP API (it gets sent as query args instead). While it may not be a very common use-case, its a valid one nevertheless. I've stumbled upon this while writing an integration for a [https://apidocs.sendinblue.com/list/#1 3rd-party API] which does not accept data as query args like most APIs typically do. #37456 is relevant to this issue. Patch incoming..." lots.0.logs Tickets with Patches 34538 Improvement of the IPv4 address format check chriscct7 HTTP API 4.4 normal normal Future Release enhancement reviewing has-patch 2015-11-01T06:57:35Z 2017-02-05T20:33:50Z "For the current ""is_ip_address()"" in the function of out of range, such as ""256.256.256.256"" IP so will also be judged as IPv4, it is increases the usefulness of the function you have to return false for out of range of IP." ka2 Unpatched Bugs 34053 HTTP API (Curl backend) inappropriately sends Content-Length header on POST requests made through a proxy server CONNECT HTTP API 4.3.1 normal normal defect (bug) new 2015-09-28T08:47:00Z 2019-06-04T19:51:56Z "When WordPress is configured to communicate with the outside world through a HTTP proxy server, using {{{ define('WP_PROXY_HOST', 'some-proxy-server'); define('WP_PROXY_PORT', '3128'); }}} in '''wp-config.php''', HTTP POST requests that are over HTTPS, and pass through the proxy server, get a Content-Length header inserted in the CONNECT request, instead of in the headers of the POST request made inside the HTTPS tunnel. On certain proxy servers configured to parse requests strictly, they will reject this outer CONNECT request with a HTTP 400 Bad Request, as the Content-Length header should not be there(?) Here is an HTTP POST request and response, going via a HTTPS CONNECT request (in this case a request for Google's Recaptcha through the Contact Form 7 plugin) behind a BlueCoat proxy server configured with tolerant-request-parsing off: {{{ CONNECT www.google.com:443 HTTP/1.1 Host: www.google.com:443 User-Agent: WordPress/4.3.1; https://staging.testvalley.hants.sch.uk Proxy-Connection: Keep-Alive Accept-Encoding: deflate;q=1.0, compress;q=0.5, gzip;q=0.5 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 1052 HTTP/1.1 400 Bad Request Cache-Control: no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Proxy-Connection: close Connection: close Content-Length: 513 invalid_request: Your request could not be processed. Request could not be handled }}} To demonstrate this is not a plugin issue, a similar request (a check for core updates by clicking 'Check again' on the Updates page in WP-Admin) that is also affected: {{{ CONNECT api.wordpress.org:443 HTTP/1.1 Host: api.wordpress.org:443 User-Agent: WordPress/4.3.1; https://staging.testvalley.hants.sch.uk Proxy-Connection: Keep-Alive Accept-Encoding: deflate;q=1.0, compress;q=0.5, gzip;q=0.5 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 193 HTTP/1.1 400 Bad Request Cache-Control: no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Proxy-Connection: close Connection: close Content-Length: 513 invalid_request: Your request could not be processed. Request could not be handled }}} HTTP (not HTTPS) requests, including POST, proceed fine through the proxy. HTTPS GET requests also work correctly. This seems to be an issue that derives from where '''includes/class-http.php''' injects the Content-Length header before dispatching the request to the chosen HTTP backend. This header injection does not cause issues with a HTTP POST request, but in the case of an HTTPS POST request going through the proxy, the Content-Length header ends up in the HTTPS CONNECT request to the proxy, rather than the actual request to the server that is wrapped inside the established tunnel. Commenting out lines 273 and 274 of '''includes/class-http.php''' causes the above two requests to succeed. " petertvs Unpatched Bugs 32932 WP_Http::request hangs on badly behaving servers HTTP API normal normal defect (bug) new 2015-07-09T00:52:56Z 2022-06-02T14:07:31Z "Some plugin includes a call to ""fetch_feed( 'https://wpml.org/feed/' )"" which takes 300 seconds to complete. The whole backend hangs during this rending of the dashboard widget. Tracing the problem down reveals, that the function WP_Http::request has a problem with the response from the server. The server does answer the HTTP/1.0 request with an HTTP/1.1 response and 300 seconds timeout: {{{ $ openssl s_client -connect wpml.org:443 SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES128-SHA Session-ID: 45...30 Session-ID-ctx: Master-Key: 68...4F Key-Arg : None Start Time: 1436367230 Timeout : 300 (sec) --- GET /feed/ HTTP/1.0 Host: wpml.org HTTP/1.1 302 Found ... [300 seconds to wait until the server closes the connection] }}} The WP_Http::request function does not handle this case correctly. It located in this part of the code: {{{ $header_length = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); $strResponse .= $block; if ( ! $bodyStarted && strpos( $strResponse, ... $header_length = strpos( $strResponse, ... $bodyStarted = true; } $keep_reading = ( ! $bodyStarted || !... } }}} fread() waits the default 10s timeout and returns nothing (after the initial two reads). The repeats 30 times accumulating to 300 seconds. {{{ Count Avg.Time Tot.Time Name (linenumbers differ from the original) 1 301.201028 301.201028 wp-includes/class-http.php:889 1 0.595707 0.595707 -> 1065 1 0.000048 0.000048 -> 1067 1 0.000008 0.000008 -> 1075 1 0.000007 0.000007 -> 1084 1 0.000006 0.000006 -> 1131 32 0.000033 0.001070 -> 1134 32 9.386880 300.380167 -> 1136 1 0.000025 0.000025 -> 1145 1 0.000030 0.000030 -> 1148 1 0.000109 0.000109 -> 1153 }}} The obvious solution is to stop reading if nothing is returned. {{{ $header_length = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); $strResponse .= $block; if ( ! $bodyStarted && strpos( $strResponse, ... $header_length = strpos( $strResponse, ... $bodyStarted = true; } $keep_reading = ( ! $bodyStarted || !... + if(strlen($block) === 0) break; } }}} This solves the problem for the badly behaving servers (in this case the one from the plugin). (From #meta1104" Lutz Donnerhacke Unpatched Bugs 37614 WP_PROXY_BYPASS_HOSTS has no effect inside curl transport, if http_proxy or https_proxy is set on the system HTTP API normal normal defect (bug) new 2016-08-09T13:20:22Z 2019-06-04T20:00:40Z "OS: Debian Squeeze PHP Version tested: 5.3.29 Will try to provide results from newer distros later today. -- In case server hosting website has environmental settings for proxy, it's not possible to skip using it even for addresses that should be bypassed. Let's take for example that printenv returns following: {{{ http_proxy=http://proxy.com:8080 https_proxy=http://proxy.com::8080 }}} In this case, if we execute `wp_remote_get` (with domain that should be bypassed via WP_PROXY_BYPASS_HOSTS) it will still use system variable http_proxy in curl transport. I think that wp_remote_get should explicitely set `curl_setopt($handle, CURLOPT_PROXY, null);`, if proxy is disabled inside wordpress or url SHOULD be bypassed." fliespl Unpatched Bugs 37708 `wp_http_supports()` doesn't reflect what Requests can do HTTP API 4.6 normal normal Future Release defect (bug) reopened 2016-08-18T04:36:47Z 2022-04-21T21:23:17Z "While reviewing what parts of `WP_HTTP` can be removed in #37705, I noticed that `wp_http_supports()` still performs it's checks against the `WP_HTTP` transports rather than querying against Requests to see if the request can be performed or not. The only capability which we supported was `ssl`. Three options: 1. Query SSL ability against Requests (if it supports that) 1. Deprecate and always `return true;` 1. Implement a small check to see if SSL requests will be able to proceed, checking for cURL features or openssl being available (and all the other streams requirements being satisfied). The above options are in my order of preferences, we should support it if possible, but I'm not afraid of just no-oping the function. Marking for 4.7, with the potential for 4.6.x backporting." dd32 Slated for Next Release 60565 download_url() returns inaccurate error message on missing URL argument audrasjb HTTP API 6.4.3 normal trivial 6.6 enhancement reviewing has-patch 2024-02-16T20:53:37Z 2024-02-19T19:48:29Z "Expected: {{{#!php