Discussion:
Password protected page with SSL network and domain mapping
Tom Barrett
2013-10-02 10:16:47 UTC
Permalink
I have a network with SSL login/admin. Password protected pages use
wp-login.php?action=postpass.

I can't get this to work at all on sites with mapped domains. At worst it
tries load https://customdomain.com/wp-login.php (which fails due to lack
of SSL on mapped domain). At best it loads the login page.

Anyone have any experience with this? Can point me in the right direction
for filters to nginx rewrite rules that I need to apply?

Thanks
--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett
Marko Heijnen
2013-10-02 11:54:33 UTC
Permalink
At the moment I'm rewriting the domain mapping plugin and this is one of the things I play with.
I got the same situation but it quite a mess. Since the site url is without SSL and when you go there it should map to the admin/network url with https.

Marko
Post by Tom Barrett
I have a network with SSL login/admin. Password protected pages use
wp-login.php?action=postpass.
I can't get this to work at all on sites with mapped domains. At worst it
tries load https://customdomain.com/wp-login.php (which fails due to lack
of SSL on mapped domain). At best it loads the login page.
Anyone have any experience with this? Can point me in the right direction
for filters to nginx rewrite rules that I need to apply?
Thanks
--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
Tom Barrett
2013-10-02 14:20:16 UTC
Permalink
It would certainly be interesting to see an alternative.

I think the basic issue is that the domain mapping plugin filters
the_content with str_replace() to update all URLs. Irrespective of them
being admin (wp-admin/wp-login/admin-ajax) or not. I've not had the chance
to evaluate the cost of replacing it with something like preg_replace() (or
whether that will suffice).

Potentially a lot of variables/permutations to consider....
Post by Marko Heijnen
At the moment I'm rewriting the domain mapping plugin and this is one of
the things I play with.
I got the same situation but it quite a mess. Since the site url is
without SSL and when you go there it should map to the admin/network url
with https.
Marko
Post by Tom Barrett
I have a network with SSL login/admin. Password protected pages use
wp-login.php?action=postpass.
I can't get this to work at all on sites with mapped domains. At worst it
tries load https://customdomain.com/wp-login.php (which fails due to
lack
Post by Tom Barrett
of SSL on mapped domain). At best it loads the login page.
Anyone have any experience with this? Can point me in the right direction
for filters to nginx rewrite rules that I need to apply?
Thanks
--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett
Jesse Friedman
2013-10-02 14:45:08 UTC
Permalink
The engineers at WP Engine offer this as a service so they've mastered it.
Maybe you can get with someone there and they'll share how they do it.
Post by Tom Barrett
It would certainly be interesting to see an alternative.
I think the basic issue is that the domain mapping plugin filters
the_content with str_replace() to update all URLs. Irrespective of them
being admin (wp-admin/wp-login/admin-ajax) or not. I've not had the chance
to evaluate the cost of replacing it with something like preg_replace() (or
whether that will suffice).
Potentially a lot of variables/permutations to consider....
Post by Marko Heijnen
At the moment I'm rewriting the domain mapping plugin and this is one of
the things I play with.
I got the same situation but it quite a mess. Since the site url is
without SSL and when you go there it should map to the admin/network url
with https.
Marko
Post by Tom Barrett
I have a network with SSL login/admin. Password protected pages use
wp-login.php?action=postpass.
I can't get this to work at all on sites with mapped domains. At worst
it
Post by Marko Heijnen
Post by Tom Barrett
tries load https://customdomain.com/wp-login.php (which fails due to
lack
Post by Tom Barrett
of SSL on mapped domain). At best it loads the login page.
Anyone have any experience with this? Can point me in the right
direction
Post by Marko Heijnen
Post by Tom Barrett
for filters to nginx rewrite rules that I need to apply?
Thanks
--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
--
thanks
*
*
*jesse friedman*
jes.se.com *
*
Book: Web Designers Guide to WordPress -
http://wdgwp.com/onamazon<http://wdgwp.com/onamazon>
Twitter: @professor <http://twitter.com/professor>
Facebook: Like<https://www.facebook.com/pages/Jesse-Friedman/204793299545174>
Tom Barrett
2013-10-03 18:51:35 UTC
Permalink
At the moment I'm playing with this idea:
- Update the password form to poke the SSL admin URL using AJAX
- Add mapped domain to allowed origins
- Return the cookie settings
- Set the cookie in AJAX callback and refresh the screen

Obviously that doesn't have a non js fallback..

Loading...