Opened 18 years ago
Closed 17 years ago
#3637 closed defect (bug) (wontfix)
Not using the same protocol for all requests
Reported by: | robertaccettura | Owned by: | |
---|---|---|---|
Milestone: | Priority: | low | |
Severity: | normal | Version: | 2.1 |
Component: | Administration | Keywords: | security https |
Focuses: | Cc: |
Description
When accessing wp-admin using https, I'd expect all http requests to be using https.
Currently the css and js are loaded with http. They should use the relevant protocol.
Change History (7)
#2
@
18 years ago
- Milestone set to 2.2
Setting to milestone not b/c I have an opinion on this ticket. Just like to have everything either targeted or closed.
#3
@
18 years ago
Understood.
I have a feeling (without looking at the code) the changes required here would be more than safe enough for the 2.1 branch.
#5
@
18 years ago
I have made this plugin to address this issue:
https://www.abtime.de/downloads/ab-https-urls.phps
Yet there are a few problems, like #4046.
Also, some plugins or maybe themes expect to work with a http URL, e.g. Google Sitemaps Plugin had some unintended behaviour when it changed its output to https-URLs, but the rest seems to work for me.
#6
@
17 years ago
- Keywords changed from security, https to security https
Well, if the plugin works, then I suggest this be marked as invalid, since as abtime said, the behavior might cause unintended behavior with some javascript files.
Unless it poses some security risk, then this should be marked invalid.
I should note this isn't really "insecure" but results in a broken lock, which isn't the greatest thing. It can confuse people.