search

mvied / wordpress-https

WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
http://wordpress.org/extend/plugins/wordpress-https/
95 stars 41 forks source link

Swaps HTTPS protocol When It Shouldn't #26

Closed jeffvincent closed 6 years ago

jeffvincent commented 10 years ago

When pages are being served over HTTP, seems like plugin might be forcing all assets on the page to load over HTTP, even if they are currently being served over HTTPS.

It looks like there may be special rules set up for certain 3rd party services that serve all assets over HTTPS (which is what we are doing as well). Might it be better to just update the logic to no longer re-write existing https protocol assets to http?

Quick example:

URL returned from oEmbed endpoint:

https://embed-ssl.wistia.com/deliveries/7f61297610e97f9a49e630f014c4e60bfd58eaa6.jpg

Note https protocol and ssl-specific subdomain.

Plugin re-writes to:

http://embed-ssl.wistia.com/deliveries/7f61297610e97f9a49e630f014c4e60bfd58eaa6.jpg

which results in a 404.

headstash commented 6 years ago

The latest version should handle these kinds of cases using URL Mapping or the URL Filtering which allows you to force particular patterns to HTTPS or HTTP.