Skip to:
Content

bbPress.org

Opened 8 years ago

Last modified 8 years ago

#1565 new defect

HTTPS URLs aren't generated as expected

Reported by: dimadin Owned by:
Milestone: Future Release (Legacy) Priority: high
Severity: major Version: 1.1-alpha
Component: Front-end Keywords:
Cc:

Description

bbPress doesn't generate HTTPS URLs if page is visited over HTTPS and SSL is not forced. This is very different that in WordPress where in cases like this all internal URLs generated by WordPress core functions are over HTTPS.

You can compare https://wordpress.org/news/ and https://wordpress.org/support/ . As you can see, at the first page all URLs are over HTTPS except those that are hardcoded.

This means that even if user visits page over HTTPS, bbPress will still generate HTTP URLs which makes it even worse than with plain HTTP.

Yesterdays issue over at wp.org shows that this is a serious thing and this should be fixed no matter what is a future of bbPress standalone since its still heavily used on wordpress.(org|com).

By inspecting the code, I believe that this will be solved with a change in bb_get_uri() function since URL generation depends on this. After this logic there should be elseif function with a code from WordPress.

I can't test this right now (and create a patch) so take that into account.

Related ticket: #715

Change History (3)

#1 @johnjamesjacoby
8 years ago

  • Milestone changed from Awaiting Review to 1.1

Agreed. Moving to 1.1 milestone.

#2 @dimadin
8 years ago

I did some tests and change in bb_get_uri() does fix issue with almost all URLs. Exceptions are (by default) stylesheet URLs since they are generated by constants in bb-settings.php so this file needs attention too.

One issue that arrives with usage of HTTPS URLs this way is that you can't access admin area. Reason for this is that secure_auth cookie is not set because bb_set_auth_cookie() sets it only when ssl is forced for login or admin so we need to cover this function too.

#3 @johnjamesjacoby
8 years ago

  • Milestone changed from 1.1 to 1.2
Note: See TracTickets for help on using tickets.