Make WordPress Core

Opened 7 years ago

Closed 6 years ago

Last modified 6 years ago

#43127 closed feature request (invalid)

Error with Mixed Content when using https

Reported by: jeremyschiff's profile jeremyschiff Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

Hi all,

We run a microservices architecture, where we proxy inbound requests to internal services. The inbound requests are in HTTPS, but the request to the wordpress server is proxied via HTTP once inside our VPN. As a result, the service mis-identifies the protocol as https, and gives a mixed content error (we enforce all content is requested via https, so things like javascript and CSS were failing to load) and much of the site refuses to load. Would it be possible to add a parameter that would allow us to force HTTPS in all links, and disable https redirect on admin? I was able to do this with the following code edits, but need this merged in so that our solution is sustainable.

-Jeremy

=============================================

I added to wp-config.php:

define('FORCE_NO_SSL_ADMIN', TRUE);
define('FORCE_SCHEME', 'https');

In linkTemplate.php's method for set_url_scheme, I enabled the following control.

function set_url_scheme( $url, $scheme = null ) {
$orig_scheme = $scheme;
if (defined('FORCE_SCHEME') && FORCE_SCHEME) {
$scheme = FORCE_SCHEME;
} elseif ( ! $scheme ) {
...

In default-constants.php, we modify this so we don't get stuck in an infinite loop, as the https occurs through the proxy server

function wp_ssl_constants() {
if ( !defined( 'FORCE_SSL_ADMIN' ) ) {
if (defined('FORCE_NO_SSL_ADMIN') && FORCE_NO_SSL_ADMIN) {
define( 'FORCE_SSL_ADMIN', false );
} elseif ( 'https' === parse_url( get_option( 'siteurl' ), PHP_URL_SCHEME ) ) {
...

Change History (6)

#1 @jeremyschiff
6 years ago

  • Component changed from General to Customize
  • Type changed from defect (bug) to feature request

This ticket was mentioned in Slack in #core by jeremyschiff. View the logs.


6 years ago

#3 @dlh
6 years ago

  • Component changed from Customize to General
  • Version 4.9.2 deleted

Hi @jeremyschiff, and welcome to WordPress Trac.

I'm moving this ticket out of the Customize component only because that component is for the Customizer, and it doesn't sound like this feature request is related to the Customizer specifically.

#4 @westonruter
6 years ago

@jeremyschiff If I understand the issue, I think what you should do is do the HTTPS identification in your wp-config.php and manually set $_SERVER['HTTPS'] to on. This will in turn then cause is_ssl() to return true.

See also #31288.

#5 @jeremyschiff
6 years ago

  • Resolution set to invalid
  • Status changed from new to closed

This seems to fix it without the code changes:

    /* SSL Settings */
    define('FORCE_SSL_ADMIN', true);

    /* Turn HTTPS 'on' if HTTP_X_FORWARDED_PROTO matches 'https' */
    if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
        $_SERVER['HTTP{{{#!phpS'] = 'on';
    }
Last edited 6 years ago by jeremyschiff (previous) (diff)

#6 @netweb
6 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.