OddOneOut / bwp-minify

A WordPress Minification plugin that relies on Minify PHP library and WordPress's enqueueing system to serve minified CSS and JS to your audience
http://betterwp.net/wordpress-plugins/bwp-minify/
49 stars 23 forks

Login page over HTTPS uses the wrong scheme for minified assets #20

Closed haroldkyle closed 10 years ago

haroldkyle commented 10 years ago

Problem: Minified URLs for CSS and JS won't load when visiting the wp-login.php page over HTTPS.

Reason: This is a cross-origin request problem, because the scheme for the minified assets is HTTP.

BWP_MINIFY::_get_http_host() relies on WordPress's home_url() function to determine the host and the scheme. The problem arises on the wp_login page, because home_url() behaves a little differently, as you can see in link-template.php. Because 'wp-login.php' !== $GLOBALS['pagenow'], WordPress returns the raw option for 'home' without setting the scheme explicitly. So, this means that home_url() returns http://www.example.com (unless the database has the https scheme, which is probably not the case on most installations).

I'm not sure why WordPress handles the login page like this. I do see that you can set the scheme explicitly when calling home_url() as the second parameter, which might be a good solution.

```php
// Pick the scheme from the current request instead of the stored 'home' option.
$scheme   = is_ssl() ? 'https' : 'http';
$home_url = home_url( null, $scheme );
```

haroldkyle commented 10 years ago

Here is the rationale behind this in home_url() and the commit in Trac. This may be an unintended side effect of the fix for the broken image?

OddOneOut commented 10 years ago

Good catch, fixed in my local :-).
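
The scheme behaviour described in the first comment, as an added stand-alone example (not code from the plugin or from WordPress). It models only the login-page rule discussed in this issue; `model_home_url()`, `is_mixed_content()` and the `HOME_OPTION` value are hypothetical names and constructed data, and WordPress itself is not loaded.

```php
<?php
// Simplified model of the scheme selection described in this issue.
// All functions are hypothetical stand-ins; the 'home' value is constructed.

const HOME_OPTION = 'http://www.example.com'; // constructed sample 'home' option

/**
 * An explicit 'http'/'https' argument wins. Otherwise HTTPS is applied only
 * when the request is SSL and the current page is not wp-login.php; in every
 * other case the scheme stored in the 'home' option is used.
 */
function model_home_url(string $pagenow, bool $is_ssl, ?string $scheme = null): string
{
    if (!in_array($scheme, ['http', 'https'], true)) {
        $scheme = ($is_ssl && $pagenow !== 'wp-login.php')
            ? 'https'
            : parse_url(HOME_OPTION, PHP_URL_SCHEME);
    }
    return preg_replace('#^\w+://#', $scheme . '://', HOME_OPTION);
}

/** True when a page served over HTTPS would request the asset over plain HTTP. */
function is_mixed_content(bool $page_is_ssl, string $asset_url): bool
{
    return $page_is_ssl && parse_url($asset_url, PHP_URL_SCHEME) !== 'https';
}

// [pagenow, request is SSL]
$cases = [
    ['index.php', true],
    ['wp-login.php', true],
    ['wp-login.php', false],
];

foreach ($cases as [$pagenow, $is_ssl]) {
    // Scheme left to the default logic, as the plugin did before the fix.
    $implicit = model_home_url($pagenow, $is_ssl);
    // Scheme passed explicitly, as proposed in the issue.
    $explicit = model_home_url($pagenow, $is_ssl, $is_ssl ? 'https' : 'http');

    printf(
        "%-13s ssl=%-5s implicit=%s (mixed: %s) explicit=%s (mixed: %s)\n",
        $pagenow,
        var_export($is_ssl, true),
        $implicit,
        is_mixed_content($is_ssl, $implicit) ? 'yes' : 'no',
        $explicit,
        is_mixed_content($is_ssl, $explicit) ? 'yes' : 'no'
    );
}
```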