[wp-trac] [WordPress Trac] #32112: wp_get_attachment_url returns https when it should not
WordPress Trac
noreply at wordpress.org
Fri Apr 24 14:37:16 UTC 2015
#32112: wp_get_attachment_url returns https when it should not
--------------------------+------------------------------
Reporter: zabatonni | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: 4.2
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by boonebgorges):
Replying to [comment:3 zabatonni]:
> Yes, its in Add media so it influences all wysiwyg and meta boxes.
Before it worked depending that WP_CONTENT_URL constant.
Gotcha. The previous behavior was that you'd be at https://site.tld/wp-
admin, and your images would be inserted with http://site.tld/ `src`
attributes. This was a bug, because it meant that the security of your
https request was compromised by the presence of non-https resources.
The question, then, is front-end behavior. The decision in #15928 was that
it's better to fix the bug just described and deliver https assets on the
front end. Is this fix causing side effects for you? In other words, what
is the harm in delivering images over HTTPS when it's possible to do so?
You can, of course, change this behavior with a rewrite rule, or with a
filter on `'the_content'`, for the purposes of your own site, but I'm
wondering whether there's some general reason why HTTPS assets would be
harmful in these cases.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32112#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list