Opened 13 years ago
Last modified 11 months ago
#1565 new defect (bug)
HTTPS URLs aren't generated as expected
Reported by: | dimadin | Owned by: | |
---|---|---|---|
Milestone: | Future Release (Legacy) | Priority: | high |
Severity: | major | Version: | 1.1-alpha |
Component: | Front-end | Keywords: | |
Cc: |
Description
bbPress doesn't generate HTTPS URLs if page is visited over HTTPS and SSL is not forced. This is very different that in WordPress where in cases like this all internal URLs generated by WordPress core functions are over HTTPS.
You can compare https://wordpress.org/news/ and https://wordpress.org/support/ . As you can see, at the first page all URLs are over HTTPS except those that are hardcoded.
This means that even if user visits page over HTTPS, bbPress will still generate HTTP URLs which makes it even worse than with plain HTTP.
Yesterdays issue over at wp.org shows that this is a serious thing and this should be fixed no matter what is a future of bbPress standalone since its still heavily used on wordpress.(org|com).
By inspecting the code, I believe that this will be solved with a change in bb_get_uri() function since URL generation depends on this. After this logic there should be elseif function with a code from WordPress.
I can't test this right now (and create a patch) so take that into account.
Related ticket: #715
Change History (3)
#2
@
13 years ago
I did some tests and change in bb_get_uri() does fix issue with almost all URLs. Exceptions are (by default) stylesheet URLs since they are generated by constants in bb-settings.php so this file needs attention too.
One issue that arrives with usage of HTTPS URLs this way is that you can't access admin area. Reason for this is that secure_auth cookie is not set because bb_set_auth_cookie() sets it only when ssl is forced for login or admin so we need to cover this function too.
Agreed. Moving to 1.1 milestone.