admin-ajax.php is still on HTTP causing mixed content issue
The plugin http-https-remover seems to be doing a great job so far.
So thank you very much for creating it.
I have a WP 4.8.4 multi-site installation working fine behind HAProxy as SSL terminator.
I have been running into issues when trying to update plugins or themes in the WP admin console.
load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils&ver=4.8.4:4 Mixed Content: The page at 'https://mydomain.com/wp-admin/network/themes.php' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'https://mydomain.com/wp-admin/admin-ajax.php'. This request has been blocked; the content must be served over HTTPS.
Looking at my WordPress 4.8.4 admin UI HTML source, I can see a large block of JavaScript with variables like
var _wpUtilSettings = { "ajax": { "url": "http:\/\/mydomain.com\/wp-admin\/admin-ajax.php" } };
as well as another variable
var thickboxL10n = { "next": "Next >", "prev": "< Prev", ... "loadingAnimation": "http:\/\/mydomain.com\/wp-includes\/js\/thickbox\/loadingAnimation.gif" };
I have traced this down to
https://github.com/WordPress/WordPress/blob/7c77266b9bb2f1882dd345a460f56f62a14bf0ed/wp-includes/link-template.php#L3206 and most importantly to
Seems the WordPress internal code for retrieving URL still seems HTTP as that is what Apache is serving.
Another interesting finding is
is_ssl()
at
https://github.com/WordPress/WordPress/blob/aaf99e691391cfceb004d848450dbbf3344b1bee/wp-includes/load.php#L1034
which is using $_SERVER['HTTPS']
Maybe, we should also be checking
$_SERVER["HTTP_X_FORWARDED_PROTO"]
for when we are behind a reverse proxy?
Note that as I am behind a reverse-proxy, Apache running WP does its usual HTTP handling and does not deal with the HTTPS part of things.
Any hint about how to fix this admin-ajax.php issue will be appreciated.
Thank you very much.
Arcadius
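One way to act on the X-Forwarded-Proto idea raised in the post, as an added example for wp-config.php that is not code from the poster, the plugin or WordPress core. The function name and the proxy address 10.0.0.5 are hypothetical placeholders, and it assumes HAProxy overwrites X-Forwarded-Proto itself on every request.

```php
<?php
// Added example: goes in wp-config.php, above the line that loads wp-settings.php.
//
// Assumption: HAProxy terminates TLS and sets the header on every request,
// for instance with:
//   http-request set-header X-Forwarded-Proto https if { ssl_fc }
// so a value supplied by the client never reaches Apache unchanged.
//
// Assumption: 10.0.0.5 is a constructed placeholder for the address from
// which Apache sees the proxy connect. Replace it with the real one.
$example_trusted_proxies = array( '10.0.0.5' );

/**
 * Hypothetical helper: true only when the request came through a trusted
 * proxy AND that proxy reported the client connection as HTTPS.
 */
function example_request_is_https_via_proxy( array $server, array $trusted ) {
    $remote = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';

    // The header is plain client-controllable input unless the TCP peer is
    // the proxy. Anyone who can reach Apache directly could otherwise claim
    // "https" and make WordPress treat a cleartext request as secure.
    if ( ! in_array( $remote, $trusted, true ) ) {
        return false;
    }

    $proto = isset( $server['HTTP_X_FORWARDED_PROTO'] )
        ? strtolower( trim( $server['HTTP_X_FORWARDED_PROTO'] ) )
        : '';

    // Exact match only: a list such as "http, https" or any other value
    // is treated as not secure.
    return 'https' === $proto;
}

if ( example_request_is_https_via_proxy( $_SERVER, $example_trusted_proxies ) ) {
    // is_ssl() in wp-includes/load.php inspects $_SERVER['HTTPS'], so setting
    // it here makes is_ssl() return true for the rest of the request.
    $_SERVER['HTTPS'] = 'on';
}
```

Apache should also accept connections only from the proxy (firewall rule or bind address), so that the trusted-address check is not the sole barrier against a spoofed header.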