Incorrect URL scheme for media in the admin area when using administration over HTTPS
|Reported by:||johnbillion||Owned by:||jeremyfelt|
|Component:||Media||Keywords:||https has-patch needs-testing|
It seems that we no longer have a ticket addressing this issue.
On a site where siteurl and home use the http scheme but FORCE_SSL_ADMIN (or force_ssl_admin()) is set to true, media in the admin area is incorrectly served with the http scheme and therefore produces mixed content warnings. When siteurl uses the https scheme, media is served over https as expected.
This affects the media library, the media manager, featured images, comments on attachments, actively editing an image on its attachment editing screen, and media-new.php.
Curiously, the attachment editing screen itself isn't affected until you click 'Edit Image', which means there's most likely a bug there.
This was previously tackled by #15928 () for 4.2, but was reverted in #32112 () for 4.2.2 because it resulted in media with the https scheme being inserted into post content, which is not desirable (eg. due to a self-signed cert or restrictions placed on access to the https host).
It's likely that altering the behaviour of wp_get_attachment_url() will have unintended consequences (as above), so we might need to consider the introduction of a new function which is used specifically for media item URLs in the admin context. The introduction of a $scheme parameter to wp_get_attachment_url() might work, but probably not.