WordPress.org

Making WordPress.org

Opened 5 years ago

Closed 5 years ago

#401 closed defect (wontfix)

Settings menu disappeared on Rosetta sites

Reported by: vanillalounge Owned by:
Milestone: Priority: normal
Component: International Sites (Rosetta) Keywords:
Cc:

Description

(opened dashboard as admin)

https://i.cloudup.com/TjV9Zd6S58-3000x3000.png

Change History (3)

#1 @Otto42
5 years ago

Which site specifically?

Also, are you proxied? I believe that some of the menus are set to not show to non-proxied users, regardless of admin status.

#2 @vanillalounge
5 years ago

Which site specifically?

http://pt.wordpress.org, of which I am admin

some of the menus are set to not show to non-proxied users

When proxied it does show up, what's the exact rationale behind this? Is it documented somewhere?

#3 @Otto42
5 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Okay then, yeah, that's intentional. For security reasons any settings areas like that have to be going through the proxies for w.org. When you're not proxied, you're an "admin" but not a "super-admin".

In other words, you can't wear your cape unless you're also proxied.

I don't think it's actually documented anywhere, but it's been like that for at least 2 years. Probably longer. Maybe we'll lighten up on this when we go 100% SSL, but I doubt it.

The rationale is that a lot of us go to WordCamps or other places which are using unsecured WiFi, and if somebody snagged a caped user's password or cookie, then they'd still not be able to affect any major changes without also having our SSH keys for the proxy.

You could just call it plain old paranoia, if you prefer. :)

Note: See TracTickets for help on using tickets.