[wp-trac] [WordPress Trac] #32112: wp_get_attachment_url returns https when it should not

WordPress Trac noreply at wordpress.org
Fri Apr 24 14:37:16 UTC 2015

#32112: wp_get_attachment_url returns https when it should not
 Reporter:  zabatonni     |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Media         |     Version:  4.2
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:

Comment (by boonebgorges):

 Replying to [comment:3 zabatonni]:
 > Yes, its in Add media so it influences all wysiwyg and meta boxes.
 Before it worked depending that WP_CONTENT_URL constant.

 Gotcha. The previous behavior was that you'd be at https://site.tld/wp-
 admin, and your images would be inserted with http://site.tld/ `src`
 attributes. This was a bug, because it meant that the security of your
 https request was compromised by the presence of non-https resources.

 The question, then, is front-end behavior. The decision in #15928 was that
 it's better to fix the bug just described and deliver https assets on the
 front end. Is this fix causing side effects for you? In other words, what
 is the harm in delivering images over HTTPS when it's possible to do so?
 You can, of course, change this behavior with a rewrite rule, or with a
 filter on `'the_content'`, for the purposes of your own site, but I'm
 wondering whether there's some general reason why HTTPS assets would be
 harmful in these cases.

Ticket URL: <https://core.trac.wordpress.org/ticket/32112#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list