https rewriting is breaking external forms in admin | WordPress.org

Resolved Aaron Edwards
(@uglyrobot)

9 years, 9 months ago
We have a form in admin, and the form action is getting rewritten to be // instead of https://. This breaks the form and in Chrome and FF browsers strangely changes the form behavior to make a GET request with no parameters. I don’t think protocol relative urls work in form action attributes.
1. You should not be overriding form actions
2. You probably shouldn’t be overriding urls in admin side at all
3. You are changing https:// to // which is a security issue, you are lowering security on sites that don’t use ssl. If the goal is to avoid mixed content errors, you should only be filtering http://.
https://wordpress.org/plugins/cloudflare/

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter Aaron Edwards
(@uglyrobot)

9 years, 9 months ago

Update: the problem is not point #1, it’s that for security our site only allows https connections and redirects insecure requests. So the problem is in #3 that the plugin is downgrading secure forms to be insecure.

jwineman
(@jwineman)

9 years, 9 months ago

Hi,

We’re in the process of redesigning the plugin and in the new version the protocol rewrite functionality will be removed.

Thanks,
John

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘https rewriting is breaking external forms in admin’ is closed to new replies.

2 replies
2 participants
Last reply from: jwineman
Last activity: 9 years, 9 months ago
Status: resolved