[wp-trac] [WordPress Trac] #32112: wp_get_attachment_url returns https when it should not
WordPress Trac
noreply at wordpress.org
Tue May 5 07:54:34 UTC 2015
#32112: wp_get_attachment_url returns https when it should not
--------------------------+---------------------------
Reporter: zabatonni | Owner: boonebgorges
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 4.2.2
Component: Media | Version: 4.2
Severity: normal | Resolution:
Keywords: fixed-major | Focuses:
--------------------------+---------------------------
Comment (by dfisek):
The post 4.2 behavior makes the use of FORCE_SSL_ADMIN meaningless (and
IMHO should be fixed). This feature is used when the admin interface is
served via https but the site itself is served via http.
Many popular browsers' (like Firefox, Chrome) security settings don't like
mixed http/https content in a single page. In that case, they don't
display the content that is served by a different protocol other than the
requested one by default (if http://site is requested, additional content
requested from https://site is not shown to the user).
This default behavior forces us to serve a page's all content via http or
https. That's why the post-4.2 behavior is disruptive.
IMHO, the ultimate solution would be fixing the media upload function so
that it doesn't insert full static url's into site content, but rather use
a code to dynamically construct the site url according to site settings
and requested protocol (like Drupal).
But currently we do have to fix this bug urgently, since it's actively
causing mixed content trouble.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32112#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list