[wp-trac] [WordPress Trac] #26800: Multisite is hardcoded to redirect to http:// for invalid domains

WordPress Trac noreply at wordpress.org
Fri Jan 24 08:46:10 UTC 2014


#26800: Multisite is hardcoded to redirect to http:// for invalid domains
------------------------------------+-----------------------------
 Reporter:  glen.pike.hf            |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  low                     |   Milestone:  Future Release
Component:  Bootstrap/Load          |     Version:  3.0
 Severity:  minor                   |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:  multisite
------------------------------------+-----------------------------

Comment (by glen.pike.hf):

 > It seems the answer here isn't necessarily checking for the scheme of
 the request, but checking for a desired scheme assigned to the
 `$current_site->domain` the redirect will be made to. If the domain
 requested is invalid, there's nothing saying that the scheme is valid.
 That makes sense to me.
 >
 > I guess one question would be whether forcing SSL in this scenario
 should occur in WordPress core, or in the web server configuration as an
 immediate redirect.

 Our particular Wordpress setup is such that we have a WP host on port 80,
 but it is behind a proxy serving on SSL.  The visitor sees WP on https://
 but Wordpress' Apache config is not.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/26800#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list