Opened 11 years ago
Closed 9 years ago
#29240 closed defect (bug) (worksforme)
Post preview button initiates over HTTP
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 3.9.2 |
| Component: | Security | Keywords: | reporter-feedback |
| Focuses: | Cc: |
Description
Despite an HTTPS website forcing encrypted traffic via HSTS, clicking the preview button in a post initiates an HTTP session when opening a new window for that session. This can be reproduced by installing a browser plugin that blocks non-HTTPS traffic.
Change History (2)
Note: See
TracTickets for help on using
tickets.
Thanks for the report filco. I'm unable to reproduce the problem as reported.
If you have HSTS enabled for the domain and your browser is still allowing HTTP connections to the domain, then something is misconfigured with your browser or with your HSTS header. What happens if you manually navigate to the HTTP URL for your site?
What's the scheme of the "Site Address" on your site's General Settings screen? Is it
https? If not, it is expected behaviour that you will be redirected to an HTTP URL for the preview. When you hit the "Preview" button, the actual save action will be sent over the same protocol as your admin area (I'm assuming HTTPS in your case). You'll then be redirected to the post preview, which will be sent over HTTP if that's what you've got set in your "Site Address".