[wp-trac] [WordPress Trac] #57125: custom changes to wp-includes/functions.php overwritten by automatic upgrades, breaking Cloudflare or squid frontend

WordPress Trac noreply at wordpress.org
Wed Nov 16 13:06:23 UTC 2022 

#57125: custom changes to wp-includes/functions.php overwritten by automatic
upgrades, breaking Cloudflare or squid frontend
----------------------------+------------------------
 Reporter:  noexitorescape  |       Owner:  (none)
     Type:  enhancement     |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  Security        |     Version:  6.1.1
 Severity:  minor           |  Resolution:  duplicate
 Keywords:                  |     Focuses:
----------------------------+------------------------
Changes (by SergeyBiryukov):

 * status:  new => closed
 * resolution:   => duplicate
 * focuses:  administration, performance =>
 * component:  Customize => Security
 * milestone:  Awaiting Review =>


Comment:

 Hi there, welcome to WordPress Trac!

 Thanks for the report, we're already tracking this issue in #31288.

 Replying to [ticket:57125 noexitorescape]:
 > {{{
 > /**
 >  *  Enable HTTPS behind proxy service
 >  */
 >
 > if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
 $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
 >     $_SERVER['HTTPS'] = 'on';
 > }
 >
 > }}}

 You can put this code in `wp-config.php` before the `/* That's all, stop
 editing! Happy publishing. */` comment, that way it won't be overwritten
 on updates.

 This is something that comes up often, but is not something that can be
 fixed due to the nature of handling client-provided headers, which is
 what's needed to address the issue. See comment:17:ticket:31288 for more
 info.

 The long and short of it is that this is a server-level configuration
 issue with reverse proxy web servers. It's not a WordPress issue, and it's
 not limited to WordPress. There's no need to modify the `is_ssl()`
 function. You just need to add something along the lines of the code above
 to your `wp-config.php` file. This simplified version might also work:
 {{{
 $_SERVER['HTTPS'] = 1;
 }}}

 Any proxy configuration is "supported" by WordPress, you just need to
 remap the `$_SERVER['HTTPS']` server variable based the particular proxy
 configuration you're using.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57125#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list