Comments (4)
I can see the argument that because it's on the edit screen it could be seen as a part of handling "content" warnings, but I'm moving this to 1.1.0 for two reasons:
- I am not sure what the situation is where the admin isn't using HTTPS with this plugin at this point, so if it's an HTTP-only featured image for some reason you are going to get a browser warning as it is.
- This seems to me to be a broader media library-as-content issue, so before jumping in we should at least take a minute to figure out what the scope is as related to the media library, and probably hold to see what the usage and demand is like on this plugin before proceeding further.
from insecure-content-warning.
WP 5.7 added the ability for content to be updated from HTTP to HTTPS more gracefully, so yes, let's go ahead and close this for now, but if there are community reports of issues with media library content then we can re-investigate more detailed messaging for users on how to update their site with SSL & HTTPS.
@Sidsector9 The featured image URL will use the same URI scheme as the site URL. So if the site is using HTTPS, the featured image on the front end will use HTTPS too. Am I missing other cases here? If yes, can you provide steps to reproduce?
cc @dkotter
@dinhtungdu I had similar thoughts. But I came across a rare scenario where the media is uploaded before HTTPS is enabled. In this scenario the URLs stored in the DB are still HTTP; moreover, the HTTP version of the image can be retrieved on the frontend if poorly implemented. I think the enhancement can serve at most to warn users of the image URLs stored in the DB. Any thoughts on this?
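An added example, not part of the thread or the plugin's code: a check for the scenario in the last comment, where media URLs were stored with `http://` before the site moved to HTTPS. The function names, hosts and sample markup are constructed for illustration.

```javascript
// Added example: flag media URLs stored with http:// on a site now served over HTTPS.
// Matches src, srcset and poster attributes (data-src also matches, which covers lazy loaders).
const MEDIA_ATTRS = /\b(src|srcset|poster)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;

// srcset holds comma-separated "url descriptor" candidates; other attributes hold one URL.
// Simplification: URLs that themselves contain commas are not handled.
function urlsFromAttribute(name, value) {
  if (name.toLowerCase() !== 'srcset') return [value.trim()];
  return value.split(',').map((c) => c.trim().split(/\s+/)[0]).filter(Boolean);
}

function findInsecureMedia(siteUrl, html) {
  const site = new URL(siteUrl);
  if (site.protocol !== 'https:') return []; // an HTTP-only site has no mixed content
  const findings = [];
  for (const m of html.matchAll(MEDIA_ATTRS)) {
    const value = m[2] !== undefined ? m[2] : m[3];
    for (const raw of urlsFromAttribute(m[1], value)) {
      let url;
      try { url = new URL(raw, site); } catch { continue; } // skip unparsable values
      if (url.protocol !== 'http:') continue; // relative and // URLs inherit https
      const sameHost = url.hostname === site.hostname;
      url.protocol = 'https:';
      findings.push({
        attribute: m[1].toLowerCase(),
        url: raw,
        sameHost,
        // Same-host URLs are candidates for a scheme rewrite; for other hosts,
        // confirm the host serves HTTPS before changing anything.
        suggested: sameHost ? url.href : null,
      });
    }
  }
  return findings;
}

// Constructed sample: markup saved while the site was still on HTTP.
const sampleHtml = `
<img src="http://example.test/wp-content/uploads/2020/01/hero.jpg"
     srcset="http://example.test/wp-content/uploads/2020/01/hero-300.jpg 300w, https://example.test/wp-content/uploads/2020/01/hero-1024.jpg 1024w">
<video poster='/wp-content/uploads/poster.png' src="http://cdn.example.net/clip.mp4"></video>`;

for (const f of findInsecureMedia('https://example.test', sampleHtml)) {
  console.log(`${f.attribute}: ${f.url} -> ${f.suggested || 'check host manually'}`);
}
```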