[wp-trac] [WordPress Trac] #47577: Streamline detecting and enabling HTTPS
WordPress Trac
noreply at wordpress.org
Wed Jan 8 23:40:20 UTC 2020
#47577: Streamline detecting and enabling HTTPS
-------------------------------------------------+-------------------------
 Reporter:  flixos90                             |       Owner:  (none)
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting Review
Component:  Administration                       |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  2nd-opinion needs-unit-tests         |     Focuses:
            has-patch                            |
-------------------------------------------------+-------------------------
Comment (by westonruter):
As noted in [https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html No More Mixed Messages About HTTPS],
Chromium is going to start blocking all non-HTTP subresources on pages
loaded over HTTPS:
> In a series of steps starting in Chrome 79, Chrome will gradually move
> to blocking all mixed content by default. To minimize breakage, we will
> autoupgrade mixed resources to https://, so sites will continue to work if
> their subresources are already available over https://. Users will be able
> to enable a setting to opt out of mixed content blocking on particular
> websites, and below we’ll describe the resources available to developers
> to help them find and fix mixed content.
It states that HTTP-resources will be autoupgraded to HTTPS, at least
audio, video, and images. '''However''', it doesn't mention scripts or
iframes.
So if WordPress served `upgrade-insecure-requests` it would seem that this
would preempt what Chromium is already doing. It would prevent broken
media as well as eventually prevent broken scripts and iframes, which would
not get automatically upgraded, as far as I understand.
I'm not sure what Firefox or Safari are planning in this regard.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47577#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
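
An added example, not part of the original comment or of WordPress core: a small audit that lists the `http://` subresources in a page and reports whether each would be handled by the browser autoupgrade or only by an `upgrade-insecure-requests` policy. The tag grouping follows the comment's reading of the Chrome plan and is an assumption; the sample HTML, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Grouping follows the comment's reading of the Chrome plan (an assumption here):
MEDIA_TAGS = {"img", "audio", "video"}   # said to be autoupgraded to https://
ACTIVE_TAGS = {"script", "iframe"}       # not mentioned as autoupgraded

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """
<img src="http://cdn.example.test/logo.png">
<video src="http://cdn.example.test/clip.mp4"></video>
<script src="http://cdn.example.test/app.js"></script>
<iframe src="HTTP://embed.example.test/widget"></iframe>
<img src="https://cdn.example.test/ok.png">
<script src="/js/local.js"></script>
"""


class _SubresourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.insecure = []  # (tag, url) for every http:// subresource

    def handle_starttag(self, tag, attrs):
        if tag in MEDIA_TAGS | ACTIVE_TAGS:
            src = (dict(attrs).get("src") or "").strip()
            if src.lower().startswith("http://"):
                self.insecure.append((tag, src))


def has_upgrade_directive(csp):
    """True if a CSP header value contains upgrade-insecure-requests."""
    names = (d.split()[0].lower() for d in csp.split(";") if d.strip())
    return "upgrade-insecure-requests" in names


def audit(html, csp=""):
    """Return (tag, url, outcome) for each insecure subresource on an HTTPS page."""
    collector = _SubresourceCollector()
    collector.feed(html)
    results = []
    for tag, url in collector.insecure:
        if has_upgrade_directive(csp):
            outcome = "upgraded-by-csp"
        elif tag in MEDIA_TAGS:
            outcome = "autoupgraded-by-browser"
        else:
            outcome = "not-autoupgraded"
        results.append((tag, url, outcome))
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE_HTML):
        print(row)
```

Passing the site's `Content-Security-Policy` header value as the second argument to `audit` shows which findings the policy would cover.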