Image SRC Attributes In Admin Are HTTP Even With FORCE_SSL_ADMIN Set

  • The title pretty much summarizes the issue. All my sites that have FORCE_SSL_ADMIN set to “true” in wp-config.php are still setting the src attributes for the site icon, product thumbnails for Woocommerce, and Media Library thumbnails to HTTP instead of HTTPS, giving the dreaded “Connection Is Not Secure” warnings in Firefox, even with a dedicated SSL certificate.

    I can work around this by setting the “home” and “site url” both to use HTTPS, but it slows down the sites’ loading times, and most of the pages don’t require SSL.

    The front end of the sites is not affected. I posted on the Woocommerce forum, and the developer pointed the finger at WordPress.

    I’m not having any issue with HTTPS loops as described here. The admin side works fine except for the content warnings. Woocommerce moves in and out of HTTPS as it should.

    Is there a workaround for this (other than using HTTPS for the entire site), or a fix on the way?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    Media inserts will work off of that same HTTP/S protocol you have set in the WordPress and Site Addresses, this is because WordPress uses absolutely URLs and is not protocol independent.

    We actually did have the media inserts work off of FORCE_SSL_ADMIN for a short version, but it broke quite a few other things and collected quite a few complaints, as HTTP sites were now displaying HTTPS images.

    So, at this time, the only solution is to either deal with having an HTTP image in the HTTPS editor (which actually isn’t a huge problem, it’s just an image file), or switch the entire site HTTPS-only (which quite a few sites have been doing recently).

    Thread Starter linux4me2

    (@linux4me2)

    Thanks for the reply James.

    It wouldn’t be as big a problem to allow the HTTP images, but for Woocommerce products, the alt attribute of the images is displayed by the browser instead of the HTTP thumbnails, and that text obscures the title of the products. Along with the security warnings, that’s what prompted complaints from my clients.

    It seems like the WordPress could go protocol-independent with its absolute URLs for images and not break anything, but without knowing more I can’t be sure.

    Moderator James Huff

    (@macmanx)

    Yes, this is one of the many reasons why many folks are going HTTPS for the whole site now. It’s just easier that way. ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Image SRC Attributes In Admin Are HTTP Even With FORCE_SSL_ADMIN Set’ is closed to new replies.