[Plugin: WP Super Cache] Insecure warning on https sites with configured CDN

I don’t have https enabled on any of my sites. Can you debug this? Use something like this to log what goes through there:

error_log( $_SERVER[ 'REQUEST_URI' ] . " " . substr( $match[0], 0, 5 ) );

And check your PHP error log.

After trying that myself, I spotted an error. Change 5 in the substr() command to 4. Does that help?

Edit: Never mind. I was seeing something odd when I debugged it but 5 has to be right.

Putting in this:

error_log( “uri: ” . $_SERVER[ ‘REQUEST_URI’ ] . ” ” . $match[0] );

Gives me:

[Wed Oct 12 18:47:46 2011] [error] [client 0.0.0.0] FastCGI: server "/usr/local/bin/php5-fpm" stderr: uri: / https://my.host/wp-content/uploads/2010/06/ScreenShot_062610_020430-e1277540711226-480x255.jpg, referer: https://my.host/

As you can see Request URI is coming back as ‘/’.

I have however discovered what I believe the issue is. When adding images using the WordPress editor they are embedded with a full URI. Including the ‘https://’ bit. I’m not sure the plugin is at fault here but it’s still an issue. The content should have root relative links surely?

Yeah, that looks like it. The images have http rather than https urls. Do you use the backend using SSL or not?

I setup SSL using define('FORCE_SSL_ADMIN', true); in my config file. I figured that since it was all setup anyway I should probably test accessing the site itself with SSL just incase someone preferred to. I hadn’t realised that the image URLs were hard coded like this and that they would cause an issue.

I could go through and begin making all the images relative addressed but then the CDN functionality wouldn’t work at all since it checks for the site_url before processing.