WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#20702 closed defect (bug) (fixed)

Theme Customizer: Insecure content warnings when loading preview

Reported by: ryan Owned by:
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Customize Keywords:
Focuses: Cc:
PR Number:

Description

When visiting the customizer over ssl, https should be used for all links to resources. This includes the link used for the XHR request to the frontend to populate the preview. Further, the default themes should also use https links for all resources when visited over ssl.

Attachments (1)

20702.diff (4.7 KB) - added by ryan 8 years ago.

Download all attachments as: .zip

Change History (5)

@ryan
8 years ago

#1 @ryan
8 years ago

Patch loads the preview via SSL if is_ssl() and no domain mapping. Fixes some links to image headers. Includes set_url_scheme() from #18017.

#2 @ryan
8 years ago

In [20829]:

Load the customize preview over ssl if the customize admin page is loaded over ssl and the frontend and admin are on the same domain. This avoids insecure content warnings and allows a more complete preview in browsers such as Chrome that block loading of css until user confirmation allows mixed content loading. see #20702

#3 @ryan
8 years ago

In [20830]:

set_url_scheme() for header and background image srcs. see #20702

#4 @ryan
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.