WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #20567, comment 5


Ignore:
Timestamp:
02/08/13 08:04:34 (2 years ago)
Author:
webaware
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #20567, comment 5

    initial v1  
    22 
    33Explanation of Gist in [http://snippets.webaware.com.au/snippets/wordpress-is_ssl-doesnt-work-behind-some-load-balancers/ this blog post] 
     4 
     5NB: note that it isn't safe to assume that these headers are added by the host; because they are non-standard headers, they can be added by the client, and thus some crafty prick could manufacture a situation where the request to the server tells it that SSL is enabled when it isn't, and perform a man-in-the-middle attack. I therefore recommend that '''core does not accept the patch on this ticket''', and instead this function be handled by a plugin.