[wp-trac] [WordPress Trac] #32112: wp_get_attachment_url returns https when it should not

WordPress Trac noreply at wordpress.org
Tue May 5 07:54:34 UTC 2015


#32112: wp_get_attachment_url returns https when it should not
--------------------------+---------------------------
 Reporter:  zabatonni     |       Owner:  boonebgorges
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:  4.2.2
Component:  Media         |     Version:  4.2
 Severity:  normal        |  Resolution:
 Keywords:  fixed-major   |     Focuses:
--------------------------+---------------------------

Comment (by dfisek):

 The post 4.2 behavior makes the use of FORCE_SSL_ADMIN meaningless (and
 IMHO should be fixed). This feature is used when the admin interface is
 served via https but the site itself is served via http.

 Many popular browsers' (like Firefox, Chrome) security settings don't like
 mixed http/https content in a single page. In that case, they don't
 display the content that is served by a different protocol other than the
 requested one by default (if http://site is requested, additional content
 requested from https://site is not shown to the user).

 This default behavior forces us to serve a page's all content via http or
 https. That's why the post-4.2 behavior is disruptive.

 IMHO, the ultimate solution would be fixing the media upload function so
 that it doesn't insert full static url's into site content, but rather use
 a code to dynamically construct the site url according to site settings
 and requested protocol (like Drupal).

 But currently we do have to fix this bug urgently, since it's actively
 causing mixed content trouble.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32112#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list