Opened 4 years ago

Last modified 3 years ago

#11009 new defect (bug)

screenshots of plugins from wordpress.org load over http instead of https when FORCE_SSL_ADMIN is enabled

Reported by: brantgurga
Owned by:
Priority: normal
Milestone: Future Release
Component: Upgrade/Install
Version: 2.9
Severity: normal
Keywords: dev-feedback
Cc: brantgurga

Description

  1. Enable FORCE_SSL_ADMIN in WordPress on an appropriate host.
  2. Use default settings in Internet Explorer 8.
  3. Go to the plugin installation page.
  4. Choose a plugin from wordpress.org to install.

Actual Result:
You get a mixed mode warning because the screenshots and possibly other content loaded from wordpress.org are loaded over http instead of https.

Expected Result:
Screenshots are loaded over https so that content is not mixed.

Change History (5)

  • Component changed from General to Upgrade/Install
  • Milestone set to Future Release
  • Type changed from defect (bug) to feature request

The ticket's description might be somehow incomplete. Mixing does mean that you are mixing files from different hosts as well.

Additionally, mixing content is not a bug. What the reporter wants is a new feature that prevents a certain message in a certain browser. This might increase usability within certain user groups. But this is not a bug.

Other browsers can warn about this situation as well, and it is a bug, not a feature request. The reason is that when a page is loaded over https, there is a trust associated with it being from where it claims to be from. As soon as you load non-https content into the page, that non-https content can potentially handle all the interaction and appearance of the page.

That said, it appears that a change, either in WordPress itself or the WordPress site, has worked around/fixed this issue by displaying the alt text instead of the screenshots in this scenario.

This is as of WordPress 2.9.1, if it is a change in the WordPress code itself, for reference.

  • Cc brantgurga added

comment:5 dd32 3 years ago

  • Keywords dev-feedback added
  • Type changed from feature request to defect (bug)
  • Version set to 2.9

There hadn't been any changes here, I don't think. It would've been related to either the browser preventing non-secure items from loading or the wordpress.org site being unavailable for some reason.

This will require a change on the WordPress.org servers as well to allow screenshots to be loaded over HTTPS; this is currently not possible.
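
As an added illustration of the mixed-content condition discussed in this ticket (not WordPress code and not part of any comment above), this Python example lists the http:// subresources of a page served over https, separating passive loads such as screenshots from active ones such as scripts. The hosts, paths and sample markup are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

ACTIVE = {"script", "iframe", "object", "embed"}  # can script or restyle the page
PASSIVE = {"img", "audio", "video", "source"}     # render media only, e.g. screenshots

# Constructed sample: hosts, paths and markup are illustrative, not from WordPress.
PAGE_URL = "https://blog.example.com/admin/plugin-details"
SAMPLE = """
<img src="http://plugins.example.org/demo/screenshot-1.png" alt="Settings">
<img src="//plugins.example.org/demo/screenshot-2.png" alt="Editor">
<script src="http://stats.example.org/t.js"></script>
<link rel="stylesheet" href="/admin/css/install.css">
<a href="http://example.org/">Plugin homepage</a>
"""


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        is_css = tag == "link" and "stylesheet" in a.get("rel", "").lower().split()
        if tag in ACTIVE or is_css:
            kind = "active"
        elif tag in PASSIVE:
            kind = "passive"
        else:
            return  # <a href> is navigation, not a subresource load
        for name in ("src", "href", "data"):
            url = urljoin(self.page_url, a.get(name, ""))  # resolves //host/ URLs too
            if a.get(name) and urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))


def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each http:// subresource of an https page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for a page served over https
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(PAGE_URL, SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

The scheme-relative screenshot and the same-origin stylesheet inherit https from the page and are not reported; only the two explicit http:// loads are.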
