I’m typing this to provoke the following error:
uncaught exception: Permission denied to call method XMLHttpRequest.open
So far, not provoked, which means that I think I figured out what was killing me ever since I upgraded to WordPress 2.1.
Before I declare victory, let me try to insert a link, which is what I was having the most trouble with before. Yippee!
The part of the post from the above link that made the lightbulb go off in my head was where megatron5151 points out that links with “evolvefuel.com/blog” were different than “www.evolvefuel.com/blog” for purposes of the browser thinking that there was a cross-scripting domain issue.
I realized that I was redirecting all URLs with either wp-admin or wp-login in them to require https. That made the base URL of the site different than the administrative part of the site (only due to my redirection, not because of anything that WordPress was aware of!), and so the new AJAX niceties that were introduced in WordPress 2.1 were being turned off by Firefox (correctly!), like autosave, etc.
The simple solution (and I’m not sure whether I have compromised security here or not, so if anyone is indeed reading this, which I doubt, and you know the answer, please let me know!), is that I made only the wp-login redirect to https, and once logged in (presumably avoiding my password being transferred in the clear over the wire), I revert back to plain old http. If the rest of the authentication is done via cookies, or sessions ids, I guess/hope that I’m fine from a security point of view. If not, then I guess that Firefox will be continually sending my password in the clear in the background (unbeknownst to me), in which case I need a better long-term solution than this.
In the meantime, I am immensely relieved to have put this headache behind me. Further, it turned out to be an interesting first use of Firebug, which is clearly awesome 🙂
P.S. I am very happy to have been able to link to Firebug as a result of it helping me to track down this problem 😉
Leave a Reply