Making WordPress.org

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#4975 closed defect (bug) (worksforme)

http and https provide different results for core version check

Reported by: casiepa's profile casiepa Owned by:
Milestone: Priority: normal
Component: API Keywords:
Cc:

Description

http://api.wordpress.org/core/version-check/1.7/ and https://api.wordpress.org/core/version-check/1.7/ seem to provide different results.

I would expect http to be auto redirected to https, but even if not, at least having the same results.

Change History (2)

#1 @Otto42
5 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

The results from the two are identical (it is literally the same code), and it does not redirect to https intentionally. The http endpoint of the API is supported for older WordPress installs. Older installs did not include the cacert.pem file, and so were unreliable when connecting to https endpoints, since they could not always perform certificate validation.

#2 @Otto42
5 years ago

Scratch that, the results from the two are not identical. The 1.7 endpoint will only return the latest version update (currently 5.3.2) to older requests. This is for the auto-update process.

In WordPress 3.7, auto-updating to minor versions was introduced. This was when the cacert.pem file was included and WordPress was upgraded to make requests only over https for the API checks. For any installations older than that, it only gives the option to update to the latest supported version. Basically, auto-updating versions use https, older versions of WordPress do not.

Note: See TracTickets for help on using tickets.