• Hello,

    Your plugin changes the protocols of the entire page from http/https to //.
    While this is a perfectly valid change for blogs that are running behind https, I find no value for this change to apply on blogs without SSL enabled.

    The change that you are making introduces issues when there is a resource loaded over HTTPS (e.g. https://some-resource.ltd) on a blog that is running without SSL (http).
    Your plugin will rewrite the resource URL from https://some-resource.ltd to //some-resource.ltd and the browser will try to load the resource using the blog’s protocol, which in this case is http. The end result is that the resource will not be loaded.

    Even if there is a redirection on some-resource.ltd:80 to :443, it will fail for POST requests because browsers change the protocol from POST to GET when they receive status code 301. There is a newer status code introduced, 308, that is going to solve this problem but is not yet adopted by any of the modern browsers out there.

    I’d like to suggest that you do not overwrite the protocol when the page is loaded over http and only change the protocol when the page is loaded over https.

    Another temporary solution will be to NOT change the protocol if the protocol is already https.

    https://www.ads-software.com/plugins/cloudflare/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author simon-says

    (@simon-says)

    Hi Yani,

    Thanks for the feedback. Is there a reason you can’t disable protocol rewriting if this doesn’t fit your specific needs in this case?

    Simon

    Thread Starter Yani

    (@yaniiliev)

    Hello Simon,

    It affects a plugin of mine, All in One WP Migration. When users have the Cloudflare plugin installed alongside All in One WP Migration and they have activated protocol rewriting on an HTTP-only website, they cannot use certain features of All in One WP Migration that require SSL.

    It might make sense to just hide the protocol rewriting if the website is not https, unless there is a good reason to keep it on.

    Having sites in Cloudflare and also looking to use Yani’s All In One WP Migration plugin, I want to watch this conversation as well as give it a plus one for continuing…

    Kind regards…

    Thread Starter Yani

    (@yaniiliev)

    Simon,

    I will be happy to provide a patch that hides the protocol rewriting if the website is not https based. Can you think of any reason why someone would want to have protocol rewriting when the website is not behind ssl?

    Plugin Author simon-says

    (@simon-says)

    Hi Yani,

    There’s no real reason, but also detecting SSL when using Flexible SSL is not easy or necessarily guaranteed safe. In that case my advice would be to just turn the protocol re-writing option off as I mentioned previously.

    Simon

  • The topic ‘Rewriting protocol issues’ is closed to new replies.
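The rewriting behaviour discussed in this thread, modelled as an added example that is not the Cloudflare plugin's code or part of any post: it compares the rewrite-everything behaviour with the two alternatives proposed in the opening post, and resolves the resulting URLs the way a browser does. All function names, the regex-based rewrite and the sample markup are assumptions, and the page scheme is simply passed in by the caller, which is the value the plugin author says is hard to determine reliably behind Flexible SSL.

```javascript
// Behaviour described in the thread: every absolute http/https URL becomes "//host/...".
function rewriteAlways(html) {
  return html.replace(/\b(src|href|action)=(["'])https?:\/\//gi, '$1=$2//');
}

// Suggested fix: rewrite only when the page itself is served over https.
// pageScheme is an assumption supplied by the caller ("http" or "https").
function rewriteIfPageHttps(html, pageScheme) {
  return pageScheme === 'https' ? rewriteAlways(html) : html;
}

// "Temporary solution": leave https:// URLs alone, make only http:// protocol-relative.
function rewriteHttpOnly(html) {
  return html.replace(/\b(src|href|action)=(["'])http:\/\//gi, '$1=$2//');
}

// Resolve each src/href/action against the page URL, as a browser would,
// and report the scheme that ends up being used per resource.
function resolvedSchemes(html, pageUrl) {
  const out = {};
  for (const m of html.matchAll(/\b(?:src|href|action)=["']([^"']+)["']/gi)) {
    const u = new URL(m[1], pageUrl); // "//host/path" inherits the page's scheme
    out[u.host + u.pathname] = u.protocol;
  }
  return out;
}

// Constructed sample: an https-only endpoint plus a same-site http asset.
const SAMPLE =
  '<form action="https://some-resource.ltd/upload" method="post"></form>' +
  '<img src="http://blog.example/logo.png">';

const HTTP_PAGE = 'http://blog.example/';
const HTTPS_PAGE = 'https://blog.example/';

for (const [name, html, page] of [
  ['always, http page', rewriteAlways(SAMPLE), HTTP_PAGE],
  ['only if page is https, http page', rewriteIfPageHttps(SAMPLE, 'http'), HTTP_PAGE],
  ['http-only rewrite, http page', rewriteHttpOnly(SAMPLE), HTTP_PAGE],
  ['http-only rewrite, https page', rewriteHttpOnly(SAMPLE), HTTPS_PAGE],
]) {
  console.log(name, resolvedSchemes(html, page));
}
```

Only the first variant downgrades the https-only endpoint to http on the http page; the third also upgrades the http asset when the page is served over https without needing to know the page scheme on the server.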