[wp-trac] [WordPress Trac] #25222: Detect https correctly when behind a proxy/loadbalancer

WordPress Trac noreply at wordpress.org
Tue Sep 3 12:55:14 UTC 2013


#25222: Detect https correctly when behind a proxy/loadbalancer
--------------------------+-----------------------------
 Reporter:  xeli          |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 The wordpress is_ssl() does not check the HTTP-X-Forwarded-Proto http
 header to determine if the site is on ssl.

 This cause all assets (css/js/images) to be served as http rather than
 https.

 The fix is rather easy in wp-include/functions.php change:


 {{{
 function is_ssl() {
     if ( isset($_SERVER['HTTPS']) ) {
         if ( 'on' == strtolower($_SERVER['HTTPS']) )
             return true;
         if ( '1' == $_SERVER['HTTPS'] )
             return true;
     } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' ==
 $_SERVER['SERVER_PORT'] ) ) {
         return true;
     }
     return false;
 }
 }}}

 to


 {{{

 function is_ssl() {
     if ( isset($_SERVER['HTTPS']) ) {
         if ( 'on' == strtolower($_SERVER['HTTPS']) )
             return true;
         if ( '1' == $_SERVER['HTTPS'] )
             return true;
     } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' ==
 $_SERVER['SERVER_PORT'] ) ) {
         return true;
     } elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (
 $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) {
         return true;
     }
     return false;
 }

 }}}

--
Ticket URL: <http://core.trac.wordpress.org/ticket/25222>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list