Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#34008 closed defect (bug) (worksforme)

ssl issues when editing

Reported by: sheenas Owned by: johnbillion
Milestone: Priority: normal
Severity: normal Version: 4.3.1
Component: Toolbar Keywords:
Focuses: Cc:


This is scenario:

I have SSL on our site for specific pages - payment form and admin section of wordpress. All our other pages are non SSL.

When I log on to wordpress admin using SSL; I log in fine but the site goes no non-ssl; which is fine as that is 99.99% of the site. The problem comes when I try to edit the non ssl page when I click the edit button at the top of the page - toolbar, I get a 404 error. Since I logged into SSL, I cannot edit non ssl pages unless I manually change the link on the browser to include https and then edit the page.

I think wordpress should be smart enough to edit non-ssl pages when logged in under ssl admin.

Any thoughts would appreciated to fix this.


Change History (4)

#1 @johnbillion
5 years ago

  • Keywords reporter-feedback added

Thanks for the report, sheenas.

  • What plugin or configuration are you using to make certain pages on your site SSL?
  • Are you using the FORCE_SSL_ADMIN constant for SSL in the admin area? Or did you just change the 'WordPress Address' setting?
  • What's the address of the 404 URL? Is it on a different domain name to the main site or admin area?
  • Do the other links in the admin toolbar work as expected when you click them from non-SSL pages?

Typically, WordPress works best when your entire site is served over SSL, instead of just selective pages. I know it's not a trivial thing to change, but it certainly helps avoid issues such as this if you can switch your whole site over to SSL.

We're working to iron out as many SSL/HTTPS bugs as possible in the upcoming 4.4 release, so any information you can provide would be a big help.

#2 @sheenas
5 years ago

Hi John,

Thanks for your prompt reply. You nailed it. I was not using "FORCE_SSL_ADMIN constant for SSL in the admin area" This fixed the issue. 1. I am using WordPress HTTPS from wp resp

Thanks for pointing this out.

#3 @johnbillion
5 years ago

  • Keywords needs-testing added; reporter-feedback removed
  • Owner set to johnbillion
  • Status changed from new to accepted

I'll take a look to see if anything can be improved here.

#4 @johnbillion
5 years ago

  • Keywords needs-testing removed
  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from accepted to closed

The only way I can reproduce this issue (the admin toolbar linking to http when I'm logged in over https) is when FORCE_SSL_ADMIN is not set, siteurl does not use https, but I've manually navigated to the admin area over https and logged in. Under this situation, I'm logged in on the front end but the admin toolbar links point to http (which is expected behaviour), which means I'm not authenticated to the admin area.

This is a very edge case, and the admin URL scheme is as expected. Closing as worksforme. FORCE_SSL_ADMIN is the solution, and so is switching to HTTPS everywhere :)

Note: See TracTickets for help on using tickets.