#25222 closed enhancement (duplicate)
Detect https correctly when behind a proxy/loadbalancer
Reported by: | xeli | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.6 |
Component: | HTTP API | Keywords: | |
Focuses: | Cc: |
Description
The WordPress is_ssl() does not check the HTTP-X-Forwarded-Proto HTTP header to determine if the site is on SSL.
This causes all assets (css/js/images) to be served as http rather than https.
The fix is rather easy: in wp-include/functions.php, change:
```php
function is_ssl() {
	if ( isset($_SERVER['HTTPS']) ) {
		if ( 'on' == strtolower($_SERVER['HTTPS']) )
			return true;
		if ( '1' == $_SERVER['HTTPS'] )
			return true;
	} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
		return true;
	}
	return false;
}
```
to
```php
function is_ssl() {
	if ( isset($_SERVER['HTTPS']) ) {
		if ( 'on' == strtolower($_SERVER['HTTPS']) )
			return true;
		if ( '1' == $_SERVER['HTTPS'] )
			return true;
	} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
		return true;
	} elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) ) {
		// Request was forwarded by a proxy/load balancer that terminated TLS.
		return true;
	}
	return false;
}
```
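An added example, not part of the ticket or of WordPress core: `HTTP_X_FORWARDED_PROTO` is a request header, so any client that reaches PHP directly can set it. This variant honours it only when the connecting peer is a known proxy. The function name, the `TRUSTED_PROXIES` constant and all addresses are hypothetical, constructed values.

```php
<?php
// Hypothetical allow-list: addresses of the load balancers that terminate TLS.
const TRUSTED_PROXIES = array( '10.0.0.5', '192.0.2.10' );

/**
 * True when the request arrived over HTTPS, either directly or through a
 * trusted TLS-terminating proxy. $server has the shape of $_SERVER.
 */
function is_ssl_behind_proxy( array $server, array $trusted = TRUSTED_PROXIES ) {
	// Direct TLS signals, the same fields the is_ssl() on this page reads.
	$https = isset( $server['HTTPS'] ) ? strtolower( (string) $server['HTTPS'] ) : '';
	if ( 'on' === $https || '1' === $https ) {
		return true;
	}
	if ( isset( $server['SERVER_PORT'] ) && '443' === (string) $server['SERVER_PORT'] ) {
		return true;
	}

	// The forwarded header counts only if the TCP peer is one of our proxies.
	// REMOTE_ADDR comes from the socket, not from a client-controlled header.
	$peer = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';
	if ( ! in_array( $peer, $trusted, true ) ) {
		return false;
	}

	// Assumes the proxy overwrites any X-Forwarded-Proto sent by the client.
	$proto = isset( $server['HTTP_X_FORWARDED_PROTO'] ) ? $server['HTTP_X_FORWARDED_PROTO'] : '';
	return 'https' === strtolower( trim( $proto ) );
}

// Constructed sample requests, shaped like $_SERVER.
$samples = array(
	'direct TLS'                => array( 'HTTPS' => 'on', 'REMOTE_ADDR' => '203.0.113.7' ),
	'trusted proxy, https'      => array( 'SERVER_PORT' => '80', 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https' ),
	'trusted proxy, plain http' => array( 'SERVER_PORT' => '80', 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'http' ),
	'untrusted peer sets header' => array( 'SERVER_PORT' => '80', 'REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https' ),
);

foreach ( $samples as $label => $server ) {
	printf( "%-28s %s\n", $label, is_ssl_behind_proxy( $server ) ? 'https' : 'http' );
}
```

The last sample is the case the unconditional header check gets wrong: a plain-HTTP request from an arbitrary address would be treated as secure.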
Change History (3)
#24394 and #19337 and #15733
In particular:
http://core.trac.wordpress.org/ticket/19337#comment:4