Opened 4 years ago
Closed 9 months ago
#48407 closed enhancement (wontfix)
Change link to api.wordpress.org to HTTPS
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | trivial | Version: | 5.3 |
| Component: | Administration | Keywords: | 2nd-opinion close |
| Focuses: | administration | Cc: | |
Description
Hi there.
A minor change, for using HTTPS protocol in:
https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/dashboard.php#L1648
The:
$url = 'http://api.wordpress.org/core/browse-happy/1.1/';
should change to
$url = 'https://api.wordpress.org/core/browse-happy/1.1/';
Bests,
Lena
Change History (4)
#2 (follow-up: ↓ 3) 4 years ago
Hi @sebastienserre.
You are right on that, I needed to add to the ticket, that the lines 1654-1656 are useless and need to go.
As I see it, they add extra load since the specific API (as all from WordPress.org) is given in HTTPS.
But maybe, I'm wrong on that and the wp_remote_post() function in https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/dashboard.php#L1658, needs the $url in the same protocol (http or https) as the current site.
#3 (in reply to: ↑ 2) 4 years ago
- Keywords close added
Replying to lenasterg:
> You are right on that, I needed to add to the ticket, that the lines 1654-1656 are useless and need to go.
> As I see it, they add extra load since the specific API (as all from WordPress.org) is given in HTTPS.
As far as I can see, the wp_http_supports( array( 'ssl' ) ) check introduced in [41605] is not useless, as not all sites support HTTPS requests due to outdated cURL, OpenSSL, or other configuration issues. See some examples in #25716, #25738, #26010.
#42004 standardized all requests to api.wordpress.org on using the wp_http_supports( array( 'ssl' ) ) check, so changing this one instance would be inconsistent.
#4 9 months ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
Hello @lenasterg,
Following up on this ticket as it's been over 3 years since close was added.
Looking at the request today, I agree with @SergeyBiryukov's assessment. The code design is intentional (see #42004).
I'll close this ticket. Please feel free to reopen if there is more to consider.
And thank you for opening the ticket for consideration.
Hello @lenasterg
I think it's OK as the complete part of code is:
If I've understood well, $url = set_url_scheme( $url, 'https' ); should return https if needed.
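
Added example (not part of the ticket and not WordPress core code): a stand-alone PHP check that approximates the conditional upgrade discussed in this thread, reporting whether this PHP install has a TLS-capable transport and which scheme the api.wordpress.org request would end up using. The `example_*` function names are hypothetical, and the capability test is an assumption about what "supports SSL" means here, not the body of wp_http_supports().

```php
<?php
// Added example, not WordPress core code. The example_* names are hypothetical.

/** List the local HTTP transports that can make TLS requests (assumed criteria). */
function example_ssl_capable_transports(): array {
    $capable = array();

    // cURL must be loaded and built with SSL support.
    if ( function_exists( 'curl_version' ) ) {
        $info = curl_version();
        if ( $info['features'] & CURL_VERSION_SSL ) {
            $capable[] = 'curl (' . $info['ssl_version'] . ')';
        }
    }

    // PHP streams need the openssl extension and a registered https wrapper.
    if ( extension_loaded( 'openssl' ) && in_array( 'https', stream_get_wrappers(), true ) ) {
        $capable[] = 'streams (' . OPENSSL_VERSION_TEXT . ')';
    }

    return $capable;
}

/** Upgrade an http:// URL to https:// only when TLS is available. */
function example_pick_api_url( string $url, bool $ssl_supported ): string {
    if ( $ssl_supported ) {
        return preg_replace( '#^http://#i', 'https://', $url );
    }
    return $url; // No TLS-capable transport: the request stays on plaintext HTTP.
}

$transports = example_ssl_capable_transports();
$url        = example_pick_api_url(
    'http://api.wordpress.org/core/browse-happy/1.1/', // URL quoted in the ticket
    count( $transports ) > 0
);

echo 'TLS-capable transports: ', $transports ? implode( ', ', $transports ) : 'none', PHP_EOL;
echo 'Request would go to:    ', $url, PHP_EOL;

if ( 0 !== strpos( $url, 'https://' ) ) {
    // This is the fallback case the thread describes: outdated cURL/OpenSSL or misconfiguration.
    echo 'WARNING: this host would contact api.wordpress.org over plaintext HTTP.', PHP_EOL;
    exit( 1 );
}
```

Run it with the same PHP binary and configuration the site uses; a non-zero exit status means the host has no TLS-capable transport and would take the plaintext path.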