#40416 closed enhancement (fixed)
Use HTTPS in wp_dashboard_primary()
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 5.1 | Priority: | normal |
Severity: | minor | Version: | |
Component: | Administration | Keywords: | has-patch |
Focuses: | Cc: |
Description
The feed URLs for news and popular plugins are still using HTTP.
From #27115, it sounds like they initially weren't converted to HTTPS because some servers don't support outgoing SSL connections, and at the time w.org did not redirect HTTP -> HTTPS.
Both of those URLs 301
redirect to HTTPS URLs now, so I can't think of any reason to leave them as HTTP. The URL for the Planet feed was set to HTTPS in r29787, even though Planet doesn't redirect to HTTPS yet, so that seems like further precedent to update this.
The popular plugins URL was redirecting 3 times until it finally got to the new URL in the patch, so this should be a bit faster too.
The popular plugins aren't currently shown with the old or new URLs, because of meta:#2723. It seems like it might be fine to continue with the change to HTTPS, though, since it's broken anyway, and it should start working once the Meta ticket is fixed.
Attachments (1)
Change History (10)
#3
@
8 years ago
The popular plugins aren't currently shown with the old or new URLs, because of meta:#2723
That's fixed now, and 40416.diff
looks good with the valid feed.
#4
@
8 years ago
Ideally these would still be accessible over HTTP, but I don't see that as a major issue anymore. I see no real harm in moving these to HTTPS.
I've asked systems if it's possible to determine how much HTTP vs HTTPS traffic api.wordpress.org gets to try to determine if we still need to keep systems in mind which can't communicate over HTTPS (Those are those without OpenSSL or with cURL and a broken SSL transport compiled in).
#7
@
7 years ago
The popular plugins feed was removed in [40607], so it's just the WordPress News feed now.
Previously: #34685, but it seems like circumstances have changed since then.