[buddypress-trac] [BuddyPress] #4822: Login redirects to https when FORCE_ADMIN_SSL enabled

buddypress-trac noreply at wordpress.org
Wed Feb 13 13:47:09 UTC 2013 

#4822: Login redirects to https when FORCE_ADMIN_SSL enabled
-------------------------------------------------+-------------------------
 Reporter:  will_c                               |       Owner:
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Future
Component:  Core                                 |  Release
 Severity:  normal                               |     Version:  1.7
 Keywords:  has-patch dev-feedback needs-        |  Resolution:
  testing needs-unit-tests                       |
-------------------------------------------------+-------------------------
Changes (by boonebgorges):

 * keywords:  has-patch dev-feedback needs-testing => has-patch dev-feedback
     needs-testing needs-unit-tests
 * milestone:  Awaiting Review => Future Release


Comment:

 I'm wary of putting hacks (relatively speaking) into place to fix an issue
 that should be solved upstream. If it's an issue with wp-login.php
 redirects, then you're quite correct that it should be fixed in WP itself.
 Are you aware of a WP ticket addressing the underlying problem?

 FWIW, I'd hope that admins who have enabled an SSL and are using
 `FORCE_ADMIN_SSL` are also savvy enough to know that, in these kinds of
 cases, it's pretty trivial to set up a blanket https->http redirect for
 non-wp-admin pages, with an .htaccess rule. will_c, if you've written such
 a rule in the past, I encourage you to create a page on the WordPress or
 BuddyPress codex that explains its use and purpose. For the time being,
 that's really the most reliable solution.

 In the longer run, if WP doesn't fix this, I don't have a problem doing
 some workarounds in BP. But I think we can do better than to simply force
 `wp_get_referer()` as the fix. It seems better to me to detect the
 presence of a `redirect_to` parameter, and to check whether it's `http` or
 `https`, and then to modify the URL appropriately based on SSL settings
 before reforwarding. That'll result in less unexpected behavior,
 especially for plugins that supply custom redirect_to after login.

 There's not much we can do for the case of relative URL redirects, I'm
 afraid. Are they being caused by BP or by some other plugin?

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4822#comment:1>
BuddyPress <http://buddypress.org/>
BuddyPress

More information about the buddypress-trac mailing list