#43127 closed feature request (invalid)
Error with Mixed Content when using https
Reported by: | jeremyschiff | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
Hi all,
We run a microservices architecture, where we proxy inbound requests to internal services. The inbound requests are in HTTPS, but the request to the wordpress server is proxied via HTTP once inside our VPN. As a result, the service mis-identifies the protocol as https, and gives a mixed content error (we enforce all content is requested via https, so things like javascript and CSS were failing to load) and much of the site refuses to load. Would it be possible to add a parameter that would allow us to force HTTPS in all links, and disable https redirect on admin? I was able to do this with the following code edits, but need this merged in so that our solution is sustainable.
-Jeremy
=============================================
I added to wp-config.php:
define('FORCE_NO_SSL_ADMIN', TRUE);
define('FORCE_SCHEME', 'https');
In linkTemplate.php's method for set_url_scheme, I enabled the following control.
function set_url_scheme( $url, $scheme = null ) {
$orig_scheme = $scheme;
if (defined('FORCE_SCHEME') && FORCE_SCHEME) {
$scheme = FORCE_SCHEME;
} elseif ( ! $scheme ) {
...
In default-constants.php, we modify this so we don't get stuck in an infinite loop, as the https occurs through the proxy server
function wp_ssl_constants() {
if ( !defined( 'FORCE_SSL_ADMIN' ) ) {
if (defined('FORCE_NO_SSL_ADMIN') && FORCE_NO_SSL_ADMIN) {
define( 'FORCE_SSL_ADMIN', false );
} elseif ( 'https' === parse_url( get_option( 'siteurl' ), PHP_URL_SCHEME ) ) {
...
Change History (6)
#1
@
6 years ago
- Component changed from General to Customize
- Type changed from defect (bug) to feature request
This ticket was mentioned in Slack in #core by jeremyschiff. View the logs.
6 years ago
#4
@
6 years ago
@jeremyschiff If I understand the issue, I think what you should do is do the HTTPS identification in your wp-config.php
and manually set $_SERVER['HTTPS']
to on
. This will in turn then cause is_ssl()
to return true
.
See also #31288.
#5
@
6 years ago
- Resolution set to invalid
- Status changed from new to closed
This seems to fix it without the code changes:
/* SSL Settings */
define('FORCE_SSL_ADMIN', true);
/* Turn HTTPS 'on' if HTTP_X_FORWARDED_PROTO matches 'https' */
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
$_SERVER['HTTP{{{#!phpS'] = 'on';
}
Hi @jeremyschiff, and welcome to WordPress Trac.
I'm moving this ticket out of the Customize component only because that component is for the Customizer, and it doesn't sound like this feature request is related to the Customizer specifically.