Support Forum

Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
general-topic
Edit button doesn't adhere to SSL
Avatar
Domochevsky
Member
Free Members
sp_UserOfflineSmall Offline
Jun 14, 2015 - 8:45 am

Hey there.

My site is fully accessible both over https and regular http. Only the backend is forced to SSL, since we're using a self-signed certificate.
A couple of forum buttons do not reflect this optional existence of https links in forms when clicked.

For example, clicking the Edit button warns you that, although the site is encrypted, this link isn't.

<form class="spButtonForm" name="usereditpost66" method="post" action="http://wildwestscifi.net/forum.....r-test#p66">

The same goes for "Empty The Admin Postbag" and likely a bunch of other form links.

<form class="sfsubhead" name="removequeue" method="post" action="http://wildwestscifi.net/forum">

How do I/we/you fix that? (And no, setting the site to go to https by default via General settings is not the solution. I don't want to scare users with warnings from their browser.)

Possibly related: Is there a special reason these forms don't use relative links? (Those should then be automatically filled by the browser.)

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Jun 14, 2015 - 1:28 pm

and how do you set the https?  all the proper wp config options set?

by chance was this post you want to edit made pre ssl?  such that its base url was already set up without https?

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Jun 14, 2015 - 1:31 pm

nvm.... think my question is a red herring...

from the users running full ssl, we have not had either issue reported...  and since we use standard wp functions for getting the schema, seems odd...   so some research will be required... and a built complex since at this time, I dont have an ssl test bed that works anymore...

Avatar
Domochevsky
Member
Free Members
sp_UserOfflineSmall Offline
Jun 14, 2015 - 2:06 pm

Hm, I set the https basically by manually navigating to the site (typing https:// ... into the url bar) or coming out of the (SSL-secured) admin area like that.

As for the herring, no, optional ssl was already in effect before I installed this plugin. I do suspect if basic wordpress were to be set to enforce SSL for everyone then it'd work just fine, but that is undesirable in this situation.

To be precise: Wordpress Address and Site Address are both set to http://, so regular users do not stumble over the self-signed certificate. Everyone who is willing to put up with that (eg, staff) can navigate the site via https and all links (except some forum button links) follow suite.

This does work best if every plugin and theme uses relative links ( /path/to/content) instead of absolute links (http://sitename.net/path/to/content).

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Jun 14, 2015 - 2:16 pm

well, several problems there...

first, wp determines the schema (http or https) and plugins (such as simple press), use the wp built in functions for determining that...

what is the point of having ssl and non ssl??  if you support ssl, why not force the users to use it? 

anyways, as a plugin for wp, we are just using standard wp stuff...  for example, proper ssl set up:  https://make.wordpress.org/sup.....wordpress/ (note the specific bad practice of supporting http and https)... 

second, relative urls is a bad idea in WordPress as well since they explicitly do not support them and favor absolute urls... see:  https://make.wordpress.org/cor.....ative-urls

Avatar
Domochevsky
Member
Free Members
sp_UserOfflineSmall Offline
Jun 14, 2015 - 2:43 pm

Mr Papa said

well, several problems there...

first, wp determines the schema (http or https) and plugins (such as simple press), use the wp built in functions for determining that...

what is the point of having ssl and non ssl??  if you support ssl, why not force the users to use it? 

anyways, as a plugin for wp, we are just using standard wp stuff...  for example, proper ssl set up:  https://make.wordpress.org/sup.....wordpress/ (note the specific bad practice of supporting http and https)... 

second, relative urls is a bad idea in WordPress as well since they explicitly do not support them and favor absolute urls... see:  https://make.wordpress.org/cor.....ative-urls

1. ...because of the reasons I have mentioned before? So staff can use SSL. Everyone else can chose to use it as well, if they want to put up with the self-signed certificate.

2. I do note that they give no reason for this supposed bad practice. >_>

3. Given that link, even Wordpress itself seems to favour relative URLs if they were to do a do-over, so that doesn't seem very convincing at all. (Not to mention the arguments being rather weak.)

Mind you, this is not a big issue, it's just kinda odd to see these buttons behave differently from everything else.

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Jun 14, 2015 - 3:26 pm

2  ssl is about security... if you allow non https when https is there, you have no added security...  the guys you trust the most (staff), use ssl..  everyone else uses non unless they want to use ssl?  no security benefit there...  trust me, not trying to tell you your business - just dont understand the use case or concept...

3  understand... like it or not, as part of wp ecosystem, we have to live within its boundaries...  there are certainly things I would like to see different...

when I get an ssl site back up, can try to see if anything that can be learned here...  but its a fringe set up (no offense intended)...

Forum Timezone: Europe/Stockholm
Most Users Ever Online: 1170
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 650
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Member Stats:
Guest Posters: 620
Members: 17365
Moderators: 0
Admins: 4
Forum Stats:
Groups: 7
Forums: 17
Topics: 10128
Posts: 79626