WordPress.org

Make WordPress Core

Ticket #36451: 36451.4.diff

File 36451.4.diff, 1.1 KB (added by jnylen0, 2 years ago)
  • src/wp-includes/rest-api.php

    diff --git a/src/wp-includes/rest-api.php b/src/wp-includes/rest-api.php
    index c831fed..6e11728 100644
    a b function get_rest_url( $blog_id = null, $path = '/', $scheme = 'rest' ) { 
    331331        }
    332332
    333333        if ( is_ssl() ) {
    334                 // If the current host is the same as the REST URL host, force the REST URL scheme to HTTPS.
    335                 if ( $_SERVER['SERVER_NAME'] === parse_url( get_home_url( $blog_id ), PHP_URL_HOST ) ) {
     334                // If the current host is the same as the REST URL host, force the REST
     335                // URL scheme to HTTPS.
     336                $home_url_hostname = parse_url( get_home_url( $blog_id ), PHP_URL_HOST );
     337                if ( $_SERVER['SERVER_NAME'] === $home_url_hostname ) {
    336338                        $url = set_url_scheme( $url, 'https' );
    337339                }
    338340        }
    339341
     342        if ( is_admin() && force_ssl_admin() ) {
     343                // In this situation the home URL may be http:, and `is_ssl()` may be
     344                // false, but the admin is served over https: (one way or another), so
     345                // REST API usage will be blocked by browsers unless it is also served
     346                // over SSL.
     347                $url = set_url_scheme( $url, 'https' );
     348        }
     349
    340350        /**
    341351         * Filters the REST URL.
    342352         *