Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#52730 new defect (bug)

Mixed content error with RSS widget

Reported by: gregmagn1's profile gregmagn1 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.6.2
Component: Widgets Keywords: needs-patch reporter-feedback
Focuses: ui Cc:


To avoid SSL Mixed content warning, it is needed to force the RSS icon to load with https

Change History (4)

#1 @sabernhardt
3 years ago

  • Component changed from General to Widgets

#2 @sabernhardt
3 years ago

@gregmagn1 Thanks for the report!

If your WordPress Address (Site URL) setting uses "https" then I don't think the icon should be served insecurely (unless a plugin filters includes_url).

However, this might be a good situation for using the includes_url function's "relative" argument in class-wp-widget-rss.php:

$icon = includes_url( 'images/rss.png', 'relative' );

If forcing secure, it could be more like this:

$scheme = is_ssl() ? 'https' : null;
$icon   = includes_url( 'images/rss.png', $scheme );

#3 @gregmagn1
3 years ago

Hi. My WordPress address use https. All other pictures, icons and plugins contents served secured content correctly. The only icon that makes problem with "Mixed Content Warning" is the RSS plugin icon ...

#4 @desrosj
3 years ago

  • Keywords reporter-feedback added

Hi @gregmagn1,

Can you provide some additional details? Which theme are you using? Also, have you tested this on a fresh install?

@sabernhardt is correct in that the RSS icon is output by passing the URL through the includes_url() function. Ultimately, is_ssl() is called to detect whether the site supports SSL or not.

It's likely code on your site is either filtering the result of includes_url() or set_url_scheme(), or something is incorrectly configured causing WordPress to guess wrong in this situation, It could also be an issue in Core, but there is not enough information for the reasons to be clear yet.

Note: See TracTickets for help on using tickets.