[wp-trac] [WordPress Trac] #62132: Make wordpress.org API connections for updates, plugins and themes configurable to a different location

WordPress Trac noreply at wordpress.org
Mon Feb 10 16:43:12 UTC 2025 

#62132: Make wordpress.org API connections for updates, plugins and themes
configurable to a different location
-----------------------------+------------------------------
 Reporter:  jamesking56      |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Upgrade/Install  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------

Comment (by Clorith):

 This is a great starting point, thank you. I've got some feedback to help
 move this forward;

 The function should ideally also account for environment variables, as
 there are events within WordPress that fire before it is set up (for
 example during the installation) which rely on fetching data from the API,
 the language selector in the setup wizard is a great example of this.

 Having the function support all three methods, much like the environment
 type lookup does, in a pattern of `$_ENV < CONST < filter` (left to right
 in increasing priority) would allow a host to define their preferred
 source on the environment before any additional code can run, and easily
 deploy this to all their services.

 As for the changing of `http` to `https` for the default hostname, I
 believe this has been set so intentionally to allow sites who may be
 running older versions of WordPress to still access the host even if the
 bundled CA certificates are expired, so they can still install updates.
 There may be other security considerations attached to this these days
 though, but it is a very small thing to change the URL in a singular
 location in a patch later on based on feedback, so lets keep it as
 `http://` for now to reduce the amount of changes. The HTTP API should
 upgrade the request to HTTPS if supported after all.

 We should also see if we can think of a better function and constant
 name... naming things is hard, and I don't have a clear direction for what
 would be correct here, but the `WP_DOTORG` prefix doesn't feel right, and
 perhaps it needs to be something less internal ("dotorg" only means
 something to those who are in the know as it were, and anyone else looking
 at the code would not as easily see the correlation).

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62132#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list