Make WordPress Core


Ignore:
Timestamp:
10/22/2015 12:07:36 AM (9 years ago)
Author:
johnbillion
Message:

Force the REST API URL to use https for its scheme when the current request is served over HTTPS and the host name matches that of the REST API URL.

This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.

Fixes #34299

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/rest-functions.php

    r35349 r35351  
    255255    }
    256256
     257    if ( is_ssl() ) {
     258        // If the current host is the same as the REST URL host, force the REST URL scheme to HTTPS
     259        if ( $_SERVER['SERVER_NAME'] === parse_url( get_home_url( $blog_id ), PHP_URL_HOST ) ) {
     260            $url = set_url_scheme( $url, 'https' );
     261        }
     262    }
     263
    257264    /**
    258265     * Filter the REST URL.
Note: See TracChangeset for help on using the changeset viewer.