Changes between Initial Version and Version 1 of Ticket #20567, comment 5
- Timestamp:
- 02/08/2013 08:04:34 AM (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #20567, comment 5
initial v1 2 2 3 3 Explanation of Gist in [http://snippets.webaware.com.au/snippets/wordpress-is_ssl-doesnt-work-behind-some-load-balancers/ this blog post] 4 5 NB: note that it isn't safe to assume that these headers are added by the host; because they are non-standard headers, they can be added by the client, and thus some crafty prick could manufacture a situation where the request to the server tells it that SSL is enabled when it isn't, and perform a man-in-the-middle attack. I therefore recommend that '''core does not accept the patch on this ticket''', and instead this function be handled by a plugin.