WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#16776 closed defect (bug) (wontfix)

Preview broken on mapped domains with multisite-/network-install when privacy settings are strict

Reported by: stealingisbad Owned by:
Milestone: Priority: normal
Severity: major Version: 3.1
Component: Multisite Keywords:
Focuses: Cc:

Description

Given:

  • a multisite install at example.org configured for sub-domains
  • a blog called "foo" at foo.example.org
  • a domain mapping www.foo.com -> foo.example.org
  • www.foo.com set as PRIMARY domain for that blog

There are different ways to set this up. While some break the preview altogether, some deny remote logins and thus require entering credentials over and over again.

Here is the setup which "only" breaks the preview if the privacy settings require login to simply view a blog (private blog):

Set these two checkboxes:

Tools > Domain Mapping > Remote Login & Redirect administration pages to site's original domain (remote login disabled if this redirect is disabled)

At the specific blog:

  1. Network Admin > Sites > BLOGNAME > Edit
  2. Under "Info" > Domain: foo.example.org (if set to www.foo.com it would deny remote logins)
  3. Under "Settings" > Siteurl: foo.example.org (if set to www.foo.com it would deny remote logins
  4. Under "Settings" > Home: www.foo.com (setting this to foo.example.org breaks the preview)

The above works nice for most situations. It allows the super admin to conviniently switch between sub-sites and preview works for public sites.

The ERROR:
For private sites (login required to view contents), the problem forms like this:

  1. Super Admin is logged in to foo.example.org and edits a Post
  2. The "Preview" button links to (e.g.) http://www.foo.com/?p=47&preview=true
  3. Clicking that button tries to open the respective URL, BUT ...
  4. ... that URL is redirecting to http://foo.example.org/wp-login.php in order to request a login (note the Redirect administration pages to site's original domain above in combination with the strict privacy setting)
  5. Now, even if you login correctly, the original preview-link will be forgotten and you'll land back at the Dashboard (at http://foo.example.org/wp-admin/)

As a result, currently the admin has to decide on one of three "evils":

  1. denied previews altogether
  2. denied remote logins (no fast switching between blogs)
  3. denied previews for restricted blogs

Change History (2)

comment:1 technosailor3 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

This is something that we're probably not going to fox as it pertains to a plugin, not core.

Version 0, edited 3 years ago by technosailor (next)

comment:2 ocean903 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.