#4975 closed defect (bug) (worksforme)
http and https provide different results for core version check
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | API | Keywords: | |
Cc: |
Description
http://api.wordpress.org/core/version-check/1.7/ and https://api.wordpress.org/core/version-check/1.7/ seem to provide different results.
I would expect http to be auto redirected to https, but even if not, at least having the same results.
Change History (2)
#2
@
5 years ago
Scratch that, the results from the two are not identical. The 1.7 endpoint will only return the latest version update (currently 5.3.2) to older requests. This is for the auto-update process.
In WordPress 3.7, auto-updating to minor versions was introduced. This was when the cacert.pem file was included and WordPress was upgraded to make requests only over https for the API checks. For any installations older than that, it only gives the option to update to the latest supported version. Basically, auto-updating versions use https, older versions of WordPress do not.
The results from the two are identical (it is literally the same code), and it does not redirect to https intentionally. The http endpoint of the API is supported for older WordPress installs. Older installs did not include the cacert.pem file, and so were unreliable when connecting to https endpoints, since they could not always perform certificate validation.