Wordpress(WooCommerce?)强制https(什么时候不应该) [英] Wordpress (WooCommerce?) forces https (when it shouldn't)
问题描述
我在公司接管的WooCommerce安装上遇到了一个奇怪的问题。构建它的不是我们,不幸的是它构建起来非常糟糕,所以我不太确定那里实际发生了什么。
I'm experiencing a strange issue on a WooCommerce installation my company has taken over. It's not us who built it and unfortunately it's pretty crappy built so I'm not so sure what's actually going on in there.
它突然开始强制https连接,但据我所知,在代码和管理员方面没有任何改变。我们在服务器上运行Git,工作树中没有任何变化,我在uploads文件夹中搜索了没有结果的可疑文件。某种恶意软件不太可能发生。该站点未设置https / ssl,因此这当然会触发超时。
It suddenly started to "force" https connections, but as far as I know nothing has changed in nether the code nor from the admin. We are running Git on the server and nothing has changed in the working tree, and I searched the uploads folder for suspicious files with no results. It's very unlikely some kind of malware. The site is not set up with https/ssl so this does of course trigger a timeout.
我检查了数据库并且都检查了 home_url 和 site_url 设置为http:// ...。 WooCommerce选项force ssl设置为false。此外,我们正在运行插件Better WP Security / iThemes Security,它也提供了强制ssl选项,但也设置为false。
I checked the database and both home_url and site_url are set to "http://...". The WooCommerce option "force ssl" is set to false. Also we are running the plugin "Better WP Security/iThemes Security" which also offers a "force ssl"-option but that one is set to false too.
我试过在wp-config.php中将常量 FORCE_SSL_ADMIN 和 FORCE_SSL_LOGIN 设置为false - 仍然没有运气。我也尝试使用.htaccess重写规则,但这也没有帮助。
I tried setting both the constants FORCE_SSL_ADMIN and FORCE_SSL_LOGIN to false in wp-config.php - still no luck. Also I tried using .htaccess rewrite rules but that didn't help either.
它似乎与请求标题相关联; HTTPS:1 (使用 $ curl -I -H测试HTTPS:1http:// ... )。当那个设置为 0 时,这不会发生。但是,Chrome似乎默认发送它,而其他浏览器则不然。我尝试清除cookie /数据等问题也出现在我的同事的浏览器中(并且她之前从未访问过该网站)。托管公司表示这与服务器配置无关。
It seems to be connected with a request header; HTTPS: 1 (tested with $ curl -I -H"HTTPS: 1" http://...). When that one is set to 0 this does not happen. However Chrome seems to send it by default, which is not the case for other browsers. I tried clearing cookies/data etc. Problem appears in my colleague's browser as well (and she has never visited the site before). Hosting company says this is not related to server configuration.
以前有没有人经历过这个,或者知道它可能与什么有关?
Has anyone experienced this before, or know to what it could be related to?
更新:
运行 curl -I -HHTTPS:1http://www.example.com / wp-admin / 几乎证实这与Wordpress有关。 Cookie由WPML设置,表示Wordpress已初始化。检查位置:标题:
Update:
Running curl -I -H"HTTPS: 1" http://www.example.com/wp-admin/ pretty much confirms this has something to do with Wordpress. The cookies are set by WPML which indicates Wordpress is initialized. Check the Location: header:
HTTP/1.1 302 Moved Temporarily
Server: Apache
X-Powered-By: PHP/5.6.11
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: _icl_current_admin_language=sv; expires=Wed, 22-Jul-2015 16:06:25 GMT; Max-Age=7200; path=/wp-admin/
Set-Cookie: _icl_current_language=sv; expires=Thu, 23-Jul-2015 14:06:25 GMT; Max-Age=86400; path=/
Set-Cookie: PHPSESSID=xxx; path=/
Location: https://www.example.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.example.com%2Fwp-admin%2F&reauth=1
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Wed, 22 Jul 2015 14:06:26 GMT
X-Varnish: nnn
Age: 0
Via: 1.1 varnish
Connection: keep-alive
推荐答案
将Woocommerce更新为2.3.13为我修复了
Updating Woocommerce to 2.3.13 fixed it for me
这篇关于Wordpress(WooCommerce?)强制https(什么时候不应该)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
