Make WordPress Core

Changeset 40843


Ignore:
Timestamp:
05/25/2017 06:01:16 PM (7 years ago)
Author:
johnbillion
Message:

REST API: In the admin area, ensure the REST API endpoint URL is forced to https when necessary.

In this situation, a site which uses http on the front end but https in the admin area is more likely to have a working REST API endpoint URL when used in the admin area.

Props mohanjith, westonruter, jnylen0

Fixes #36451

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r40782 r40843  
    336336            $url = set_url_scheme( $url, 'https' );
    337337        }
     338    }
     339
     340    if ( is_admin() && force_ssl_admin() ) {
     341        // In this situation the home URL may be http:, and `is_ssl()` may be
     342        // false, but the admin is served over https: (one way or another), so
     343        // REST API usage will be blocked by browsers unless it is also served
     344        // over HTTPS.
     345        $url = set_url_scheme( $url, 'https' );
    338346    }
    339347
Note: See TracChangeset for help on using the changeset viewer.