Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#20702 closed defect (bug) (fixed)

Theme Customizer: Insecure content warnings when loading preview

Reported by: ryan's profile ryan Owned by:
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Customize Keywords:
Focuses: Cc:


When visiting the customizer over ssl, https should be used for all links to resources. This includes the link used for the XHR request to the frontend to populate the preview. Further, the default themes should also use https links for all resources when visited over ssl.

Attachments (1)

20702.diff (4.7 KB) - added by ryan 12 years ago.

Download all attachments as: .zip

Change History (5)

12 years ago

#1 @ryan
12 years ago

Patch loads the preview via SSL if is_ssl() and no domain mapping. Fixes some links to image headers. Includes set_url_scheme() from #18017.

#2 @ryan
12 years ago

In [20829]:

Load the customize preview over ssl if the customize admin page is loaded over ssl and the frontend and admin are on the same domain. This avoids insecure content warnings and allows a more complete preview in browsers such as Chrome that block loading of css until user confirmation allows mixed content loading. see #20702

#3 @ryan
12 years ago

In [20830]:

set_url_scheme() for header and background image srcs. see #20702

#4 @ryan
12 years ago

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.