Make WordPress Core

Opened 8 years ago

Closed 7 years ago

Last modified 6 years ago

#40416 closed enhancement (fixed)

Use HTTPS in wp_dashboard_primary()

Reported by: iandunn's profile iandunn Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 5.1 Priority: normal
Severity: minor Version:
Component: Administration Keywords: has-patch
Focuses: Cc:

Description

The feed URLs for news and popular plugins are still using HTTP.

From #27115, it sounds like they initially weren't converted to HTTPS because some servers don't support outgoing SSL connections, and at the time w.org did not redirect HTTP -> HTTPS.

Both of those URLs 301 redirect to HTTPS URLs now, so I can't think of any reason to leave them as HTTP. The URL for the Planet feed was set to HTTPS in r29787, even though Planet doesn't redirect to HTTPS yet, so that seems like further precedent to update this.

The popular plugins URL was redirecting 3 times until it finally got to the new URL in the patch, so this should be a bit faster too.

The popular plugins aren't currently shown with the old or new URLs, because of meta:#2723. It seems like it might be fine to continue with the change to HTTPS, though, since it's broken anyway, and it should start working once the Meta ticket is fixed.

Attachments (1)

40416.diff (954 bytes) - added by iandunn 8 years ago.

Download all attachments as: .zip

Change History (10)

@iandunn
8 years ago

#1 @iandunn
8 years ago

  • Keywords has-patch added
  • Severity changed from normal to minor

#2 @iandunn
8 years ago

Previously: #34685, but it seems like circumstances have changed since then.

#3 @iandunn
8 years ago

The popular plugins aren't currently shown with the old or new URLs, because of meta:#2723

That's fixed now, and 40416.diff looks good with the valid feed.

#4 @dd32
8 years ago

Ideally these would still be accessible over HTTP, but I don't see that as a major issue anymore. I see no real harm in moving these to HTTPS.

I've asked systems if it's possible to determine how much HTTP vs HTTPS traffic api.wordpress.org gets to try to determine if we still need to keep systems in mind which can't communicate over HTTPS (Those are those without OpenSSL or with cURL and a broken SSL transport compiled in).

#5 @SergeyBiryukov
7 years ago

#43396 was marked as a duplicate.

#6 @SergeyBiryukov
7 years ago

  • Milestone changed from Awaiting Review to 5.0

#7 @SergeyBiryukov
7 years ago

The popular plugins feed was removed in [40607], so it's just the WordPress News feed now.

#8 @SergeyBiryukov
7 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 42731:

Administration: Use HTTPS for dashboard_primary_feed URL.

dashboard_secondary_feed is already using HTTPS since [29787].

Props iandunn.
Fixes #40416.

#9 @pento
6 years ago

  • Milestone changed from 5.0 to 5.1
Note: See TracTickets for help on using tickets.