WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 20 months ago

#25222 closed enhancement (duplicate)

Detect https correctly when behind a proxy/loadbalancer

Reported by: xeli Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.6
Component: HTTP API Keywords:
Focuses: Cc:

Description

The WordPress is_ssl() function does not check the HTTP-X-Forwarded-Proto HTTP header to determine if the site is on SSL.

This causes all assets (CSS/JS/images) to be served as http rather than https.

The fix is rather easy: in wp-includes/functions.php, change:

function is_ssl() {
    if ( isset($_SERVER['HTTPS']) ) {
        if ( 'on' == strtolower($_SERVER['HTTPS']) )
            return true;
        if ( '1' == $_SERVER['HTTPS'] )
            return true;
    } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
        return true;
    }
    return false;
}

to

function is_ssl() {
    if ( isset($_SERVER['HTTPS']) ) {
        if ( 'on' == strtolower($_SERVER['HTTPS']) )
            return true;
        if ( '1' == $_SERVER['HTTPS'] )
            return true;
    } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
        return true;
    } elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) ) {
        return true;
    }
    return false;
}
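
The proposed branch accepts X-Forwarded-Proto from any client, and because it is an elseif it is never reached when $_SERVER['HTTPS'] is set to a non-SSL value such as 'off'. The following is an added example, not WordPress core code and not part of the ticket, that honours the header only when the request comes from a known proxy address. TRUSTED_PROXIES, the example_* function names and all IP addresses are assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. TRUSTED_PROXIES and the example_*
// names are hypothetical; every address below is a constructed sample value.
const TRUSTED_PROXIES = array( '10.0.0.5', '10.0.0.6' );

// True when the direct peer is one of our own proxies, i.e. a hop that is
// expected to set or overwrite X-Forwarded-Proto itself.
function example_from_trusted_proxy( array $server ) {
    return isset( $server['REMOTE_ADDR'] )
        && in_array( $server['REMOTE_ADDR'], TRUSTED_PROXIES, true );
}

function example_is_ssl( array $server ) {
    // TLS terminated on this host: the same checks is_ssl() already makes.
    if ( isset( $server['HTTPS'] ) ) {
        $https = strtolower( (string) $server['HTTPS'] );
        if ( 'on' === $https || '1' === $https ) {
            return true;
        }
    } elseif ( isset( $server['SERVER_PORT'] ) && '443' === (string) $server['SERVER_PORT'] ) {
        return true;
    }

    // TLS terminated upstream: a separate "if", so it is still evaluated when
    // HTTPS is set to 'off', and only for requests relayed by a trusted proxy.
    if ( example_from_trusted_proxy( $server ) && isset( $server['HTTP_X_FORWARDED_PROTO'] ) ) {
        return 'https' === strtolower( trim( $server['HTTP_X_FORWARDED_PROTO'] ) );
    }

    return false;
}

// Constructed sample requests, shaped like $_SERVER.
$samples = array(
    'client connects directly and sends the header itself' => array(
        'REMOTE_ADDR' => '203.0.113.9', 'SERVER_PORT' => '80', 'HTTP_X_FORWARDED_PROTO' => 'https',
    ),
    'relayed by a trusted proxy that terminated TLS' => array(
        'REMOTE_ADDR' => '10.0.0.5', 'SERVER_PORT' => '80', 'HTTP_X_FORWARDED_PROTO' => 'https',
    ),
    'trusted proxy, backend reports HTTPS=off' => array(
        'REMOTE_ADDR' => '10.0.0.6', 'HTTPS' => 'off', 'HTTP_X_FORWARDED_PROTO' => 'https',
    ),
);

foreach ( $samples as $label => $server ) {
    echo $label, ': ', var_export( example_is_ssl( $server ), true ), PHP_EOL;
}
```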

Change History (3)

comment:1 @xeli 2 years ago

  • Cc richard@… added
  • Component changed from General to HTTP
  • Type changed from defect (bug) to enhancement
  • Version set to trunk

comment:2 @dd32 2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

comment:3 @SergeyBiryukov 20 months ago

  • Version changed from trunk to 3.6