[wp-trac] [WordPress Trac] #25222: Detect https correctly when behind a proxy/loadbalancer
WordPress Trac
noreply at wordpress.org
Tue Sep 3 12:55:14 UTC 2013
#25222: Detect https correctly when behind a proxy/loadbalancer
--------------------------+-----------------------------
Reporter: xeli | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
The wordpress is_ssl() does not check the HTTP-X-Forwarded-Proto http
header to determine if the site is on ssl.
This cause all assets (css/js/images) to be served as http rather than
https.
The fix is rather easy in wp-include/functions.php change:
{{{
function is_ssl() {
if ( isset($_SERVER['HTTPS']) ) {
if ( 'on' == strtolower($_SERVER['HTTPS']) )
return true;
if ( '1' == $_SERVER['HTTPS'] )
return true;
} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' ==
$_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
}}}
to
{{{
function is_ssl() {
if ( isset($_SERVER['HTTPS']) ) {
if ( 'on' == strtolower($_SERVER['HTTPS']) )
return true;
if ( '1' == $_SERVER['HTTPS'] )
return true;
} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' ==
$_SERVER['SERVER_PORT'] ) ) {
return true;
} elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) {
return true;
}
return false;
}
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25222>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list