Make WordPress Core

Changeset 20829


Ignore:
Timestamp:
05/18/2012 08:09:53 PM (13 years ago)
Author:
ryan
Message:

Load the customize preview over ssl if the customize admin page is loaded over ssl and the frontend and admin are on the same domain. This avoids insecure content warnings and allows a more complete preview in browsers such as Chrome that block loading of css until user confirmation allows mixed content loading. see #20702

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/customize-controls.php

    r20809 r20829  
    9393    do_action( 'customize_controls_print_footer_scripts' );
    9494
     95    // If the frontend and the admin are served from the same domain, load the
     96    // preview over ssl if the customizer is being loaded over ssl. This avoids
     97    // insecure content warnings. This is not attempted if the admin and frontend
     98    // are on different domains to avoid the case where the frontend doesn't have
     99    // ssl certs. Domain mapping plugins can force ssl in these conditions using
     100    // the customize_preview_link filter.
     101    $admin_origin = parse_url( admin_url() );
     102    $home_origin = parse_url( home_url() );
     103    $scheme = null;
     104    if ( is_ssl() && ( $admin_origin[ 'host' ] == $home_origin[ 'host' ] ) )
     105        $scheme = 'https';
     106
     107    $preview_url = apply_filters( 'customize_preview_link',  home_url( '/', $scheme ) );
     108
    95109    $settings = array(
    96110        'theme'    => array(
     
    99113        ),
    100114        'url'      => array(
    101             'preview'  => esc_url( home_url( '/' ) ),
     115            'preview'  => esc_url( $preview_url ),
    102116            'parent'   => esc_url( admin_url() ),
    103117            'ajax'     => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ),
Note: See TracChangeset for help on using the changeset viewer.