Support » Plugin: Simple 301 Redirects » Incompatible with some SSL configurations

  • We recently enabled SSL for our entire website, and the redirects stopped working. After a bit of digging, I found two issues.

    1) The plugin is only checking for $_SERVER['HTTPS'] in the get_protocol() method, which is not set on all servers, especially those behind a proxy/load balancer. Ideally, it should check that var, the $_SERVER['HTTP_X_FORWARDED_PROTO'] var (which should be set to https if it’s running through SSL), and the $_SERVER['SERVER_PORT'] var (which will normally be set to 443 on SSL, but not always – that’s why this should be the last fallback).
    2) If you are using a non-standard SSL configuration, such as CloudFlare’s Flexible SSL, it is recommended that you do not set your home URL to https; if you do, it will cause a redirect loop. Therefore, when the redirect() method attempts to replace get_option('home') within the $userrequest URL, it’s not necessarily finding it, so it fails to replace it.

    For #2, I recommend the following fix (or something similar) to the redirect() method:

    Replace:

    $userrequest = str_ireplace(get_option('home'),'',$this->get_address());

    With something like:

    $home = get_option( 'home' );
    			if ( substr( $home, 0, strlen( 'http:' ) ) !== substr( $this->get_address(), 0, strlen( 'http:' ) ) ) {
    				if ( substr( $this->get_address(), 0, strlen( 'https:' ) ) == 'https:' ) {
    					$home = str_replace( 'http:', 'https:', $home );
    				} else {
    					$home = str_replace( 'https:', 'http:', $home );
    				}
    			}
    			$userrequest = str_ireplace($home,'',$this->get_address());

    Thanks.

    https://wordpress.org/plugins/simple-301-redirects/

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Incompatible with some SSL configurations’ is closed to new replies.