Opened 17 years ago
Closed 17 years ago
#5450 closed defect (bug) (invalid)
infinite redirect
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | high | |
| Severity: | normal | Version: | 2.3.1 |
| Component: | General | Keywords: | |
| Focuses: | Cc: |
Description
I would imagine that this infinite redirect problem occurs when you access a host that wordpress is not configured for, so it redirects you to the one that it is configured for, correct?
If so, it should be disabled by default. Seeing that wordpress has had a long line of security vulnerabilities, I have mine running inside of a VM. That VM is accessed through a proxy, by the host name of "wordpress". So, I would imagine that the redirect is occuring because it thinks that "wordpress" does not match my host, and therefore it should redirect to the one that I have configured.
The problem with all of that though, is that it is forcing the user into something they may not want. What if they made a typo in the configuration? Then, they are toast, and cannot access their wordpress blog, unless they are a savvy user.
Change History (2)
#2
in reply to:
↑ description
@
17 years ago
- Milestone 2.5 deleted
- Resolution set to invalid
- Status changed from new to closed
Replying to trenta:
I would imagine that this infinite redirect problem occurs when you access a host that wordpress is not configured for, so it redirects you to the one that it is configured for, correct?
Correct.
If so, it should be disabled by default. Seeing that wordpress has had a long line of security vulnerabilities, I have mine running inside of a VM. That VM is accessed through a proxy, by the host name of "wordpress". So, I would imagine that the redirect is occuring because it thinks that "wordpress" does not match my host, and therefore it should redirect to the one that I have configured.
[snipped] it is forcing the user into something they may not want.
It is not "forcing the user into something they may not want". It is redirecting the user to what was set in the "WordPress URL" and "Blog URL" (WP_SITEURL and WP_HOME, respectively, in wp-config.php) property. If you want to access WP via a different hostname, then change the WP_SITEURL and WP_HOME options.
You can have these set dynamically by adding the following in wp-config.php:
define ('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/wherever-wp-is-installed');
define ('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/wherever-wp-is-installed');
Only use the above code in development, not in production, as it exposes your dev server to "Host:" header injection.
While i notice the Canonical redirects are designed to not affect the Admin pages, Something else redirects the admin pages to the "proper" hostname, Perhaps WordPress should accept whatever the URL is that the user accesses the Admin pages via?
The redirection settings can be setup so that WP works as intended, However, i'm not too sure on how you're supposed to do that, The Site and Blog URL's in the admin need to be set properly for the proxy setup, I think you need to set them up to the external address, and make sure that the proxy is behaving and sending its proxy headers along.