#32354 closed defect (bug) (duplicate)
is_ssl() does not work on cloud hosting
Reported by: | mdawart | Owned by: | chriscct7 |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.1 |
Component: | General | Keywords: | has-patch |
Focuses: | Cc: |
Description
On our clients cloud hosting the $_SERVERHTTPS? nor '443' == $_SERVERSERVER_PORT? is set so wordpress is not able to determine if calles via https or not and activating the force ssl setting leads to a redirect loop.
I've modified the is_ssl function to detect for environments like those:
/** * Determine if SSL is used. * * @since 2.6.0 * * @return bool True if SSL, false if not used. */ function is_ssl() { if ( isset($_SERVER['HTTPS']) ) { if ( 'on' == strtolower($_SERVER['HTTPS']) ) return true; if ( '1' == $_SERVER['HTTPS'] ) return true; } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) { return true; } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ( 'https' == $_SERVER['HTTP_X_FORWARDED_PROTO'] )) { return true; } return false; }
Attachments (2)
Change History (9)
#1
@
9 years ago
- Component changed from Security to Permalinks
- Keywords needs-patch dev-feedback added
- Owner set to chriscct7
- Status changed from new to assigned
- Version changed from 4.1.1 to 4.1
#3
@
9 years ago
- Milestone changed from Awaiting Review to 4.3
- Status changed from assigned to accepted
#5
@
9 years ago
- Component changed from Permalinks to General
- Keywords needs-nacin removed
- Milestone 4.3 deleted
- Resolution set to duplicate
- Status changed from accepted to closed
Duplicate of #31288.
I don't believe we can trust the HTTP_X_FORWARDED_PROTO
variable, as clients can set it, bypassing any checks which rely upon is_ssl()
.
The correct method is to either
a) Fix the server variables in the server to reflect the upstream proxy
b) Fix the server variables in wp-config.php to reflect the upstream proxy
You can see my full reasoning here: https://core.trac.wordpress.org/ticket/31288#comment:11
#7
@
6 years ago
Estou com uma problema de (error 500), onde não está exibindo o site do cliente https://descubraoguaruja.com.br.
A hospedagem acusou erro nos arquivos (functions.php) e (load.php), que acusa erro na linha onde a função verifica a existencia de SSL.
Alguém já passou por esse problema?
There should really be a filter in there, perhaps 2 (one general one at the bottom and one earlier that does isset SERVER PORT so it can check a custom https port).
Also
Needs to be a patch file. Will review and work on this a bit.