WordPress.org

Make WordPress Core

Changeset 40843


Ignore:
Timestamp:
05/25/17 18:01:16 (4 months ago)
Author:
johnbillion
Message:

REST API: In the admin area, ensure the REST API endpoint URL is forced to https when necessary.

In this situation, a site which uses http on the front end but https in the admin area is more likely to have a working REST API endpoint URL when used in the admin area.

Props mohanjith, westonruter, jnylen0

Fixes #36451

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r40782 r40843  
    336336            $url = set_url_scheme( $url, 'https' ); 
    337337        } 
     338    } 
     339 
     340    if ( is_admin() && force_ssl_admin() ) { 
     341        // In this situation the home URL may be http:, and `is_ssl()` may be 
     342        // false, but the admin is served over https: (one way or another), so 
     343        // REST API usage will be blocked by browsers unless it is also served 
     344        // over HTTPS. 
     345        $url = set_url_scheme( $url, 'https' ); 
    338346    } 
    339347 
Note: See TracChangeset for help on using the changeset viewer.