id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses 34109 Incorrect URL scheme for media in the admin area when using administration over HTTPS johnbillion jeremyfelt "It seems that we no longer have a ticket addressing this issue. On a site where `siteurl` and `home` use the `http` scheme but `FORCE_SSL_ADMIN` (or `force_ssl_admin()`) is set to true, media in the admin area is incorrectly served with the `http` scheme and therefore produces mixed content warnings. When `siteurl` uses the `https` scheme, media is served over `https` as expected. This affects the media library, the media manager, featured images, comments on attachments, actively editing an image on its attachment editing screen, and media-new.php. Curiously, the attachment editing screen itself isn't affected until you click 'Edit Image', which means there's most likely a bug there. This was previously tackled by #15928 ([31614]) for 4.2, but was reverted in #32112 ([32342]) for 4.2.2 because it resulted in media with the `https` scheme being inserted into post content, which is not desirable (eg. due to a self-signed cert or restrictions placed on access to the `https` host). It's likely that altering the behaviour of `wp_get_attachment_url()` will have unintended consequences (as above), so we might need to consider the introduction of a new function which is used specifically for media item URLs in the admin context. The introduction of a `$scheme` parameter to `wp_get_attachment_url()` ''might'' work, but probably not." defect (bug) closed normal Media major wontfix https has-patch needs-testing bulk-reopened administration