Opened 9 years ago
Closed 9 years ago
#34008 closed defect (bug) (worksforme)
ssl issues when editing
Reported by: | sheenas | Owned by: | johnbillion |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.3.1 |
Component: | Toolbar | Keywords: | |
Focuses: | Cc: |
Description
This is scenario:
I have SSL on our site for specific pages - payment form and admin section of wordpress. All our other pages are non SSL.
When I log on to wordpress admin using SSL; I log in fine but the site goes no non-ssl; which is fine as that is 99.99% of the site. The problem comes when I try to edit the non ssl page when I click the edit button at the top of the page - toolbar, I get a 404 error. Since I logged into SSL, I cannot edit non ssl pages unless I manually change the link on the browser to include https and then edit the page.
I think wordpress should be smart enough to edit non-ssl pages when logged in under ssl admin.
Any thoughts would appreciated to fix this.
Thanks
Change History (4)
#2
@
9 years ago
Hi John,
Thanks for your prompt reply. You nailed it. I was not using "FORCE_SSL_ADMIN constant for SSL in the admin area" This fixed the issue. 1. I am using WordPress HTTPS from wp resp
Thanks for pointing this out.
#3
@
9 years ago
- Keywords needs-testing added; reporter-feedback removed
- Owner set to johnbillion
- Status changed from new to accepted
I'll take a look to see if anything can be improved here.
#4
@
9 years ago
- Keywords needs-testing removed
- Milestone Awaiting Review deleted
- Resolution set to worksforme
- Status changed from accepted to closed
The only way I can reproduce this issue (the admin toolbar linking to http
when I'm logged in over https
) is when FORCE_SSL_ADMIN
is not set, siteurl
does not use https
, but I've manually navigated to the admin area over https
and logged in. Under this situation, I'm logged in on the front end but the admin toolbar links point to http
(which is expected behaviour), which means I'm not authenticated to the admin area.
This is a very edge case, and the admin URL scheme is as expected. Closing as worksforme. FORCE_SSL_ADMIN
is the solution, and so is switching to HTTPS everywhere :)
Thanks for the report, sheenas.
FORCE_SSL_ADMIN
constant for SSL in the admin area? Or did you just change the 'WordPress Address' setting?Typically, WordPress works best when your entire site is served over SSL, instead of just selective pages. I know it's not a trivial thing to change, but it certainly helps avoid issues such as this if you can switch your whole site over to SSL.
We're working to iron out as many SSL/HTTPS bugs as possible in the upcoming 4.4 release, so any information you can provide would be a big help.