Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#34783 closed defect (bug) (duplicate)

SSL detection not reliable, as such mixed content and thus trouble

Reported by: xswatx's profile xSWATx Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.3.1
Component: General Keywords:
Focuses: Cc:

Description

Scenario: Wordpress server is located on a HTTP server, SSL is added on the edge servers of the network. This means HTTP is being used internally and HTTPS is being used externally.

Result: As such the SSL detection (is_ssl) fails horribly and in turn, when SSL is enabled, you get mixed content webpages. These look broken since they're missing a lot of content (HTTP vs HTTPS).

My terrible workaround: force is_ssl to always return true AND regular expressions to forcefully rewrite remaining URLs from http to https, since my site is HTTPS only (no HTTP). Of course this is not upgrade safe.

Possible fixes: fix SSL detection in all of Wordpress and/or have a general "force SSL" configuration option.

This issue has been in Wordpress a while (at least since 4.1) and I want to get it properly fixed.

Change History (1)

#1 @johnbillion
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #31288.

Thanks for the report, @xSWATx, and welcome to WordPress Trac.

This is something that comes up often, but is not something that will be fixed due to the nature of handling client-provided headers, which is what's needed to address the issue. See here for more info.

The long and short of it is that this is a server-level configuration issue with reverse proxy web servers. It's not a WordPress issue, and it's not limited to WordPress. There's no need to modify the is_ssl() function. You just need to add something along the lines of the following to your wp-config.php file:

$_SERVER['HTTPS'] = 1;

If you're using Cloudflare Flexible SSL (or even if you're not), you may also want to take a look at the Cloudflare Flexible SSL plugin.

Note: See TracTickets for help on using tickets.