WordPress.org
Get WordPress

Make WordPress Core

Opened 11 years ago

Last modified 7 months ago

#29727 new feature request

Porting self-hosted Wordpress to HTTPS: mixed content

Reported by: jsha's profile jsha Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.0
Component: Media Keywords: has-patch https needs-test-info
Focuses: Cc:

Description

When moving a self-hosted Wordpress blog from HTTP to HTTPS (by editing the site URL at /wp-admin/options-general.php), I run into trouble because image links embedded in existing posts still point to HTTP, even though those images are hosted by my Wordpress blog and now support HTTPS.

It would be great if Wordpress could automatically rewrite images in existing posts when site URL is changed to HTTPS.

Attachments (2)

29727.diff (1.4 KB) - added by thomaswm 10 years ago.
Replace local HTTP URLs in post content using a filter
29727.2.diff (408 bytes) - added by thomaswm 10 years ago.
Send "Upgrade Insecure Requests" HTTP header

Download all attachments as: .zip

Change History (12)

#1 @mikemike86
11 years ago

  • Type changed from defect (bug) to enhancement

#2 @DrewAPicture
11 years ago

  • Component changed from General to Media

#4 @SergeyBiryukov
11 years ago

#28521 would resolve this.

#6 @johnbillion
10 years ago

#33691 was marked as a duplicate.

@thomaswm
10 years ago

Replace local HTTP URLs in post content using a filter

@thomaswm
10 years ago

Send "Upgrade Insecure Requests" HTTP header

#7 @thomaswm
10 years ago

I've uploaded two different patches:

#8 @thomaswm
10 years ago

  • Keywords has-patch needs-testing added

#9 @johnbillion
10 years ago

  • Keywords https added

#10 @SirLouen
7 months ago

  • Keywords needs-test-info added; needs-testing removed
  • Type changed from enhancement to feature request

Reproduction Report

Description

❌ This report validates that the issue can't be reproduced.

Environment

  • WordPress: 6.9-alpha-60093-src
  • PHP: 8.2.28
  • Server: nginx/1.27.5
  • Database: mysqli (Server: 8.4.5 / Client: mysqlnd 8.2.28)
  • Browser: Chrome 137.0.0.0
  • OS: Windows 10/11
  • Theme: Twenty Twenty-Five 1.2
  • MU Plugins: None activated
  • Plugins:
    • Test Reports 1.2.0

Bug Reproduction

  1. For testing this with wordpress-develop I'm using a combination of PRs: PR 8787 and PR 8977 which provide a perfect scenario: I can create a tunnel with ngrok with ngrok http https://localhost:8890
  2. First I add some posts with images through the non HTTP version http://localhost:8889
  3. Then I add both SITEURL and HOMEURL to the ngrok https upgraded version URL
  4. Here I can see the SRCSET being set to the right URL, despite the SRC is wrong and might cause multiple failures without the SRCSET in place.

https://i.imgur.com/sOHFl0u.png

Actual Results

  1. ❌ Error condition doesn't occur any more

Additional Notes

  • I know, first hand, that this has been historically frustrating, and a search and replace with wp-cli has always become very handy in these situations. For HTTPS, it looks logical to perform such search and replace internally because it has always been something of priority (as commented in #28521).
  • But with the introduction of dynamically generated SRCSET, SRC is being completely ignored; hence, it doesn't matter much that it's still pointing to the old URL. Also, all scripts and stylesheets are upgraded dynamically, so most problems regarding with HTTPS upgrade (or even domain change), are not as problematic, as they have historically been.
  • Although it's always recommended to run the full search-replace to avoid potential troubles with scheme/URL misalignment with the new version. I would like to see a testing scenario where taking the original attachment URL could be a problem that required scheme upgrade for further testing (needs-test-info)
Last edited 7 months ago by SirLouen (previous) (diff)
Note: See TracTickets for help on using tickets.