[buddypress-trac] [BuddyPress] #4761: Modify ajax url to work properly with FORCE_SSL_ADMIN

buddypress-trac noreply at wordpress.org
Fri Jan 11 19:43:06 UTC 2013 

#4761: Modify ajax url to work properly with FORCE_SSL_ADMIN
--------------------------+-----------------------------
 Reporter:  will_c        |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Core          |    Version:  1.7
 Severity:  normal        |   Keywords:  dev-feedback
--------------------------+-----------------------------
 With FORCE_SSL_ADMIN enabled on my site using BP 1.7-trunk and WP 3.5 I am
 experiencing issues with AJAX that are preventing the activity feed from
 functioning properly (I cannot make new updates or comment on existing
 activity items). I believe this problem is caused by having the ajax url
 using the https protocol rather than http.

 To replicate this issue, turn on FORCE_ADMIN_SSL in your wp-config file
 and then try to post to the newsfeed (while browsing your site over http).
 In my testing, I receive an error saying:

 "Are you sure you want to do this?
 Please try again."

 If you then switch to https browsing or disable FORCE_SSL_ADMIN, you
 should be able to post to the activity feed again.

 I believe the issue is that admin_url() (in bp-core/bp-core-cssjs.php and
 bp-templates/bp-legacy/buddypress-functions.php) returns the https variant
 when FORCE_SSL_ADMIN is enabled (as it should). This causes problems in my
 setup for sites that are using http on the frontend.

 My proposed solution would be to switch to using network_site_url('/wp-
 admin/admin-ajax.php'), which would also account for multisite
 installations, or using site_url('/wp-admin/admin-ajax.php') if it's
 preferable to only deal with single site installs at the moment.

 This is my first patch for BuddyPress, so let me know if there are
 reporting conventions that I should follow in the future. Also, I realize
 there are probably other approaches to fixing this issue or there may be
 other logic behind the use of admin_url that I'm missing, so I'd
 appreciate any feedback.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4761>
BuddyPress <http://buddypress.org/>
BuddyPress

More information about the buddypress-trac mailing list