• Resolved Gwyneth Llewelyn

    (@gwynethllewelyn)


    Hi,

    I have a website which is behind a severely restricted firewall, running on an environment where the IP address is private and not public. As such, all outgoing requests have to go through a firewall.

    HTTP requests work well through the firewall, but HTTPS do not.

    A year ago, a similar issue was reported here (and duly closed), mentioning that a simple tweak in the code would make JetPack attempt to connect via HTTP and ignore connections via HTTPS. It was a very simple change.

    Later, an automatic fallback mechanism was introduced: JetPack would attempt to connect first via HTTPS, and if that failed, it would connect via HTTP. This meant that the initial connection might have taken a bit longer, but, eventually, it would connect without problems.

    Recent versions, however, seem to work differently. If JetPack makes an HTTPS connection through a proxy, and that connection fails, it never falls back to HTTP. I believe it’s assuming that the proxy knows what it’s doing, and accepts the error from the proxy as being “final” and doesn’t make any more attempts. In our particular setup, the proxy clearly cannot connect via HTTPS (and will drop an error!) but has no problem reaching jetpack.me or jetpack.wordpress.com via HTTP.

    So what I need to do is to “force” JetPack to use only HTTP requests and never even attempt HTTPS ones. How is that managed? I’ve looked through the code and I’m baffled where the old fallback mechanism is nowadays. It looks like Automattic might have dropped HTTP connections, and, as such, just attempts HTTPS ones. Is that so?

    https://www.ads-software.com/extend/plugins/jetpack/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Gwyneth Llewelyn

    (@gwynethllewelyn)

    The only method I found is to manually change the URL that JetPack uses to connect:

    Open /wp-content/plugins/jetpack/jetpack.php

    And manually change https to http on line 15:

    defined( 'JETPACK__API_BASE' ) or define( 'JETPACK__API_BASE', 'https://jetpack.wordpress.com/jetpack.' );

    This seems to work.

    Plugin Contributor Michael Adams (mdawaffe)

    (@mdawaffe)

    Jetpack does fallback to HTTP during registration, but it only does so when it sees certain error messages. Your proxy must be responding with an error message Jetpack doesn’t recognize.

    Honestly, though, this sounds like a misconfigured proxy.

    I strongly encourage you to talk to your network administrators about opening up HTTPS requests. Unless they want to be able to snoop on all of your traffic, I can’t think of a reason why HTTPS should be blocked.

    Also, editing the Jetpack files means you’ll have to keep editing them every time you update Jetpack, which would be a pain. Instead of editing jetpack.php, you can add the following to your wp-config.php.

    define( 'JETPACK_CLIENT__HTTPS', 'NEVER' );

    A warning to you and others that read this thread. Do not do this. HTTPS is better. Work with your host and/or network administrators to get HTTPS working correctly instead.

    If this is the only thing that makes Jetpack work, then there is either a problem with your host/network or a bug in Jetpack. Please report the problem to us at https://jetpack.me/support/ (bottom of the page) so we can fix Jetpack if the problem lies there.

    Thread Starter Gwyneth Llewelyn

    (@gwynethllewelyn)

    You’re right, I’m pretty much sure that JetPack (or rather, the underlying transport mechanism) is encountering an unknown error, and that comes from Squid.

    The proxy is not misconfigured in the usual sense; people are not supposed to use outgoing webservices at all. It was only with extreme reluctance, and only in exceptional cases, that this was allowed — but apparently only for HTTP requests. This might be the first case where HTTP requests are not enough. Changing the whole setup to allow outgoing HTTPS requests, if it requires a complex configuration, will be out of the question. If it’s just adding a line or two (it isn’t; I have tried), then it might be possible.

    Anyway, I just wanted to thank you for the far simpler configuration setting on wp-config.php. I was looking for exactly that, but had no idea if JETPACK_CLIENT__HTTPS was ‘visible’ only inside the plugin or if it could be set on wp-config.php. I truly appreciate your help!

    Plugin Contributor Michael Adams (mdawaffe)

    (@mdawaffe)

    You’re welcome. I’m glad you got it (mostly ;)) working.

  • The topic ‘[Plugin: Jetpack by WordPress.com] JetPack initial connect doesn't fallback from HTTPS to HTTP’ is closed to new replies.