28 Jun Chrome beta 44 causing problems with https/SSL
Just a heads up, I’ve seen a rash of WordPress site users reporting problems that can be traced back to using Chrome beta version 44. When the user’s browser is rolled back to regular version 43 the issues go away. Symptoms include forcing a WordPress site to use https no matter what settings are changed or set, even on sites that have previously had no SSL at all. This is NOT a symptom of a cached https URL. Fixes I’ve attempted include clearing cache completely, incognito mode, clearing domain from HSTS. I’ve submitted a bug ticket so hopefully this won’t make it into the next Chrome release.
For now, if you or your users see this issue check the version of chrome and uninstall beta/reinstall stable track as needed.
Update: I reported the bug and chrome devs are looking at it. Follow here: https://code.google.com/p/chromium/issues/detail?id=505268
Update 2: The Chrome devs pushed an update to fix this conflict, but although the bug made it into stable version 44 the bug fix didn’t, so until next week (July 27, 2015) a huge chunk of WordPress sites will appear to be insecure in Chrome. I’ve complained about them letting such a massive bug make it into a stable release, we’ll see if they push it out any faster.
Update 3: It looks like the chrome devs have acknowledged the impact of the release and are investigating if a push update can be made early.
Update 4: The problem appears to lie more with faulty plugin coding than anything else – hence the confusion with WooCommerce. Lots of plugins are getting out updates to fix this so check your updates if you haven’t already. More technical info on those pesky http headers can be found here.
Update 5: Chrome pushed out an early update on July 24th. Leave your fixes in place for a while so that users have time to update their browsers. Thanks for all the hard work and community support everyone!