WP_CONTENT_URL should use site_url() to support HTTPS / SSL
|Reported by:||micropat||Owned by:|
On HTTPS pages, users sometimes get 'insecure content' warnings from their browser. This is commonly caused by plugins which use the WP_PLUGIN_URL constant to get the full plugin directory URL for the sake of loading static content.
The problem is that WP_PLUGIN_URL will always return the siteurl (as specified in Settings > General) and thus does not adjust from http:... to https:... when needed.
WP_PLUGIN_URL is dependent on WP_CONTENT_URL, and WP_CONTENT_URL is derived from get_option('siteurl'), which only returns the siteurl and does not adjust for HTTPS pages. However, the site_url() function does adjust for HTTPS pages.
So, to fully support HTTPS and directives such as FORCE_SSL_LOGIN and FORCE_SSL_ADMIN, WP_CONTENT_URL needs to use the site_url() function as proposed in my riveting one-liner patch.
Change History (26)
comment:12 @nacin — 4 years ago
- Keywords 3.2-early added
- Milestone changed from 3.1 to Future Release
comment:16 @marfarma — 3 years ago
- Cc pauli.price@… added
comment:17 @jeremyclarke — 3 years ago
- Cc jer@… added
- Keywords 3.2-early removed