WordPress.org

Make WordPress Core

Opened 5 months ago

Last modified 4 months ago

#47817 new defect (bug)

Using file editor ignores schema and always uses http

Reported by: jeffpaulkinsta Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.2.2
Component: Filesystem API Keywords:
Focuses: administration Cc:
PR Number:

Description

When editing a template/theme or plugin file with the WordPress file editor, the internal loopback which I assume uses wp-json does not honor the schema of the siteurl.

For example:
Siteurl: https://kinsta.com

The request will come through as http://kinsta.com
If SSL is forced at the server level, this will force the https:// schema.

This was recently discovered and was failing because a user's SSL intermediate chain was missing, so the site would edit fine without HTTPS forced, but with SSL forced it would fail.

We were able to identify the chain issue due to this error occuring when force HTTPS was enabled in Nginx:

Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.

Change History (1)

#1 @kadamwhite
4 months ago

  • Focuses administration added; rest-api removed

The file editor does not utilize the REST API, so this "focus" keyword is incorrect — I believe "admin" is the correct focus here.

Note: See TracTickets for help on using tickets.