Open janrenn opened 8 years ago
That was the original code, the reason why I changed it is https://github.com/lesterchan/wp-polls/pull/19 and it makes sense, so unlikely I will change this.
Also with Let's Encrypt, you can use a proper free SSL cert rather than a self-signed one.
Yes, you are right. There can be a dispute if it is more rare to use self-signed certificate for WP admin login or to augment FORCE_SSL_ADMIN
with mod_rewrite what was the reason to change in lesterchan/wp-polls#19.
Notice that not null
, but "admin" is default scheme, if you do not use second parameter in admin_url()
, then set_url_scheme()
tests is_ssl() || force_ssl_admin()
. It thinks we are in Admin. But we are not, we're on public page. Should the plugin respect rather fact we call a component from admin folder or rather actual context? I really do not expect that any plugin will call HTTPS if only FORCE_SSL_ADMIN
is on.
Anyway, it is disputed, the main issue here is WP architecture which uses admin folder calls for AJAX components from front-end, it should be separated. For those, who face issues with HTTPS calls from HTTP page as me: use admin_url
filter to choose the intended plugin behavior, e.g.
// somewhere in functions.php
function repair_postratings_admin_ajax( $url, $path ) {
if ( $path == 'admin-ajax.php' && is_ssl() == FALSE ) {
return str_replace( 'https:', 'http:', $url );
}
return $url;
}
add_filter( 'admin_url', 'repair_postratings_admin_ajax', 20, 2 );
Thank you.
Consider WP configuration where admin is under HTTPS and frontend still on HTTP protocol (
FORCE_SSL_ADMIN
is on).wp-postratings.php
then generatesajax_url
usingadmin_url()
without protocol check.If one uses self-signed certificate (acceptable for admin login purposes), Postratings will not work - the AJAX POST request on admin-ajax.php by WP-Postratings will be blocked (visitor does not have the certificate among security exceptions). The line 169 of
wp-postratings.php
should better read:'ajax_url' => admin_url('admin-ajax.php', ( is_ssl() ? 'https' : 'http' )),