Title: https – Make WordPress Systems

---

#  Tag Archives: https

 [  ](https://profiles.wordpress.org/dd32/) [Dion Hulse](https://profiles.wordpress.org/dd32/)
1:23 am _on_ June 10, 2016     
Tags: https   

# 󠀁[low priority Another #https report came in this…](https://make.wordpress.org/systems/2016/06/10/low-priority-another-https-report-came-in-this/)󠁿

(low-priority) Another [#https](https://make.wordpress.org/systems/tag/https/) report
came in, this time for https://svn.buddypress.org/ which is not using the buddypress
cert, but rather than WordPress.org wildcard.

https://wordpress.slack.com/archives/buddypress/p1465520101000488

Although https://buddypress.svn.wordpress.org/ is the canonical SVN location, https://
svn.buddypress.org/ shows up in search results and is affected by the HTTPSEverywhere-
type browser extensions too.

 * [Login to Reply](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fmake.wordpress.org%2Fsystems%2F2016%2F06%2F10%2Flow-priority-another-https-report-came-in-this%2F%23respond&locale=en_US)

 * [Clear to-do](https://make.wordpress.org/systems/tag/https/?output_format=md&resolved=resolved#)

 [  ](https://profiles.wordpress.org/iandunn/) [Ian Dunn](https://profiles.wordpress.org/iandunn/)
6:20 pm _on_ June 17, 2013     
Tags: https, [redirect ( 3 )](https://make.wordpress.org/systems/tag/redirect/),
[ssl ( 16 )](https://make.wordpress.org/systems/tag/ssl/), [wordcamp.org ( 32 )](https://make.wordpress.org/systems/tag/wordcamp-org/)

# 󠀁[This is a followup to what I posted…](https://make.wordpress.org/systems/2013/06/17/this-is-a-followup-to-what-i-posted/)󠁿

(This is a followup to what I posted on a8c’s sysreq last Thursday, which [@762e5e74](https://profiles.wordpress.org/762e5e74/)
was working on. That request should have gone here in the first place, because it’s
related to WordCamp.org, so I’m moving the discussion here.)

To summarize the issue, URLs like **https://**2013.sf.wordcamp.org/tickets are being
redirected to http://central.wordcamp.org/tickets, when they should instead be redirected
to **http://**2013.sf.wordcamp.org/tickets. (I think this is because they get caught
by the catch-all redirect, even though they’re valid pages.)

[r4811](https://core.trac.wordpress.org/changeset/4811)-deployDeploy Launching code
from a local development environment to the production web server, so that it's 
available to visitors. added a new rule that redirected all HTTPSHTTPS HTTPS is 
an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version 
of HTTP, the protocol over which data is sent between your browser and the website
that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means
all communications between your browser and the website are encrypted. This is especially
helpful for protecting sensitive data like banking information. traffic to HTTPHTTP
HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol
used by the World Wide Web and this protocol defines how messages are formatted 
and transmitted, and what actions Web servers and browsers should take in response
to various commands., but that conflicted with a PHPPHP PHP (recursive acronym for
PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting
language that is especially suited for web development and can be embedded into 
HTML. [https://www.php.net/manual/en/index.php](https://www.php.net/manual/en/index.php)
redirect back to HTTPS, and created a loopLoop The Loop is PHP code used by WordPress
to display posts. Using The Loop, WordPress processes each post to be displayed 
on the current page, and formats it according to how it matches specified criteria
within The Loop tags. Any HTML or PHP code in the Loop will be processed on each
post. [https://codex.wordpress.org/The_Loop](https://codex.wordpress.org/The_Loop).

We’ve removed the PHP redirect for the time being, since the SSLSSL Secure Socket
Layer - Encryption from the server to the browser and back. Prevents prying eyes
from seeing what you are sending between your browser and the server. cert doesn’t
work on 4th-level domains. We should be able to re-apply [r4811](https://core.trac.wordpress.org/changeset/4811)-
deploy at this point, but I’d like to make a minor modification to it, so that it’s
future-proof for when we do support HTTPS on the 4th-level domains (via 3rd-level
aliases and domain mapping, or a wildcard with *.*.wordcamp.org SANs, or some other
solution).

The modification would be to ignore HTTPS requests to wp-admin URLs. So, the logic
would be:

    ```
    if https
        if URL doesn't contain wp-admin
            redirect to http version of the URL
    ```

That way a request to https://2013.sf.wordcamp.org/wp-admin (or any subpages under
wp-admin) would not be redirected, but a request to https://2013.sf.wordcamp.org/
tickets will be redirected.

One other thing to keep in mind is that attempts to login to the year.city sites(
e.g., http://2013.sf.wordcamp.org/wp-login.php) redirect to http://wordcamp.org/
wp-login.php (so they can use the valid SSL), though, and we don’t want that to 
be affected by any new rules. I don’t think it will be, but thought I’d mention 
it just in case.

[#https](https://make.wordpress.org/systems/tag/https/), [#redirect](https://make.wordpress.org/systems/tag/redirect/),
[#ssl](https://make.wordpress.org/systems/tag/ssl/), [#wordcamp-org](https://make.wordpress.org/systems/tag/wordcamp-org/)

 * [Login to Reply](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fmake.wordpress.org%2Fsystems%2F2013%2F06%2F17%2Fthis-is-a-followup-to-what-i-posted%2F%23respond&locale=en_US)

 * [Clear to-do](https://make.wordpress.org/systems/tag/https/?output_format=md&resolved=resolved#)