Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE]: Force admin access via SSL #17

Open
jakewrfoster opened this issue May 2, 2023 · 4 comments
Open

[FEATURE]: Force admin access via SSL #17

jakewrfoster opened this issue May 2, 2023 · 4 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@jakewrfoster
Copy link
Member

Description

Alleyvate should force all admin access via SSL. eg. define('FORCE_SSL_ADMIN', true);

Use Case

All access to the admin area should be secure for security purposes.
@jakewrfoster jakewrfoster added the enhancement New feature or request label May 2, 2023
@jakewrfoster
Copy link
Member Author

Issue originally raised by @benpbolton.

@jakewrfoster jakewrfoster added the help wanted Extra attention is needed label May 2, 2023
@mogmarsh
Copy link
Contributor

mogmarsh commented Mar 22, 2024
edited
Loading

Any reason to not force it everywhere? Could combine with #85 if we are ok forcing it everywhere.

@benpbolton
Copy link
Member

this is hard. The purist in me says that we should just look at what FORCE_SSL_ADMIN does and do that; because surely someone at some point is going to "need" http... or expect http and then they'll look up wp-alleyvate code to realize that our code is forcing https instead of the http they expected...

I dunno. It's really hard to justify not doing https everywhere these days ... our dev envs all support it... it's hard not to say 'force it everywhere', but the original intent of this was to mimic setting FORCE_SSL_ADMIN just... eternally on

@jakewrfoster
Copy link
Member Author

My intent for #85 was to rely on the DB value to determine the scheme instead of some other layer of the application making that decision.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jakewrfoster @benpbolton @mogmarsh