#52421 closed defect (bug) (fixed)
Remove admin and login exceptions for https in home_url
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 5.7 | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | has-patch |
| Focuses: | Cc: |
Description
Right now the home_url function will automatically switch to https if the current request is already https but will do so only on the front-end.
This was likely created in a time when running the admin with a self-signed certificate with the rest of the site running http was a common use-case.
Today is a very different situation thanks to initiatives like let's encrypt and many hosts providing certificates automatically or with little effort from site owners.
These exceptions may result in users being changed from https to http when navigating from within their admin. In addition it leads to inconsistent behavior of home_url where it will generate different values in the admin and on the frontend.
Attachments (1)
Change History (12)
#1
@
4 years ago
- Milestone changed from Awaiting Review to 5.7
- Owner set to SergeyBiryukov
- Status changed from new to reviewing
#3
@
4 years ago
Thanks for the patch! It looks like there are some failing tests with this change that need updating:
1) Tests_REST_API::test_rest_url_scheme Failed asserting that two strings are identical. --- Expected +++ Actual @@ @@ -'http' +'https' S:\home\wordpress.test\develop\tests\phpunit\tests\rest-api.php:792 2) Tests_URL::test_home_url_from_admin Failed asserting that two strings are identical. --- Expected +++ Actual @@ @@ -'http://example.org' +'https://example.org' S:\home\wordpress.test\develop\tests\phpunit\tests\url.php:210 3) Tests_URL::test_network_home_url_from_admin Failed asserting that two strings are identical. --- Expected +++ Actual @@ @@ -'http://example.org' +'https://example.org' S:\home\wordpress.test\develop\tests\phpunit\tests\url.php:259
Working on that now.
#5
@
4 years ago
- Keywords needs-refresh removed
- Resolution fixed deleted
- Status changed from closed to reopened
This has introduced two other failures:
1) Tests_WP_Resource_Hints::test_dns_prefetch_scripts_does_not_included_registered_only Undefined index: pagenow /var/www/build/wp-includes/functions.wp-scripts.php:272 /var/www/tests/phpunit/tests/general/resourceHints.php:192 2) Tests_WP_Resource_Hints::test_deregistered_scripts_are_ignored Undefined index: pagenow /var/www/build/wp-includes/functions.wp-scripts.php:272 /var/www/tests/phpunit/tests/general/resourceHints.php:205
Restoring the $pagenow global appears to fix them. It's not quite clear why that happens, as the global is no longer used in the function, but let's address the failures for now and investigate later.
This ticket was mentioned in Slack in #core by sergey. View the logs.
4 years ago
#9
follow-up:
↓ 10
@
4 years ago
The test failure looks to be coming from either a poorly defined global in source, or erroniously reset global in the tests. Either way, it seems luck has caused the tests to pass until now and I wouldn't be surprised to discover other repairs to the global needed along the way.
@SergeyBiryukov are you still wanting to solve this during the 5.7 cycle or would you prefer it to be dealt with on another ticket?
#10
in reply to:
↑ 9
@
4 years ago
- Resolution set to fixed
- Status changed from reopened to closed
Replying to peterwilsoncc:
are you still wanting to solve this during the 5.7 cycle or would you prefer it to be dealt with on another ticket?
Let's continue in #52566 :)
#11
in reply to:
↑ description
@
4 years ago
Replying to herregroen:
Right now the home_url function will automatically switch to https if the current request is already https but will do so only on the front-end.
For reference, just noting that wp_get_attachment_url() has a similar exception that may or may not need to be removed later. See [32342] / #32112.
Hi there!
If we implement remote-home-url-https-exceptions.patch then we should remove
global $pagenow;and there document from the function.