Make WordPress Core

Opened 18 years ago

Closed 17 years ago

#3637 closed defect (bug) (wontfix)

Not using the same protocol for all requests

Reported by: robertaccettura's profile robertaccettura Owned by:
Milestone: Priority: low
Severity: normal Version: 2.1
Component: Administration Keywords: security https
Focuses: Cc:

Description

When accessing wp-admin using https, I'd expect all http requests to be using https.

Currently the css and js are loaded with http. They should use the relevant protocol.

Change History (7)

#1 @robertaccettura
18 years ago

I should note this isn't really "insecure" but results in a broken lock, which isn't the greatest thing. It can confuse people.

#2 @foolswisdom
18 years ago

  • Milestone set to 2.2

Setting to milestone not b/c I have an opinion on this ticket. Just like to have everything either targeted or closed.

#3 @robertaccettura
18 years ago

Understood.

I have a feeling (without looking at the code) the changes required here would be more than safe enough for the 2.1 branch.

#4 @foolswisdom
18 years ago

  • Milestone changed from 2.2 to 2.4

#5 @abtime
18 years ago

I have made this plugin to address this issue:
https://www.abtime.de/downloads/ab-https-urls.phps

Yet there are a few problems, like #4046.
Also, some plugins or maybe themes expect to work with a http URL, e.g. Google Sitemaps Plugin had some unintended behaviour when it changed its output to https-URLs, but the rest seems to work for me.

#6 @darkdragon
17 years ago

  • Keywords changed from security, https to security https

Well, if the plugin works, then I suggest this be marked as invalid, since as abtime said, the behavior might cause unintended behavior with some javascript files.

Unless it poses some security risk, then this should be marked invalid.

#7 @thee17
17 years ago

  • Milestone 2.5 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Plug-in works. Probably for stability not put in core is best.

Note: See TracTickets for help on using tickets.