Open lkraav opened 10 years ago
EDIT I tested the enhanced regex and it's creating good URLs.
Maybe this can make for a 0.9.9? I noticed 1.0 had a lot of changes and I know you don't have a lot of time. It would be nice to get all my customers SSL-ready with this, though.
A better solution is to actually use the home_url() function as follows:
$src = home_url( trailingslashit( DIRECTORY_SEPARATOR . self::$options['endpoint'] ) );
Protocol relative urls are unfortunately not fool proof and I have had problems with them in the past. Its better to always use https: on a resource include even on http: pages, if ssl is available, than a protocol relative url.
@lkraav thoughts on an alternative approach in #69?
site_url() and home_url() seem to be exactly the same thing in this scenario.
@msigley the main problem here is how do you know if SSL is available if the WP home/site URLs are set to "http", but the site is loaded over "https"? If you force https and it isn't configured, that's a dead broken request right there. It's a pretty vague claim of "had problems in the past" IMHO and should require significantly more proof to influence @westonruter decision here.
So far I see nothing that trumps the protocol-relative approach.
@lkraav a more recent example I had of the downside of protocol-relative urls was including a javascript file from Authorize.net on one of my websites. The browser was trying to request the http version first, which wasn't available, then requested the https version which was. All of this added significant load time to the page. Its actually trivial to check if the site is being loaded via https. Common methods are checking for port 443, https:// at the beginning of the url string, or the $_SERVER['https'] variable. Wordpress implements all of these methods already in the is_ssl() function which is implemented into both home_url() and site_url(). home_url() and site_url() are not the same as well. home_url() returns the domain using for the front facing site of Wordpress using the proper protocol. site_url() will return the same thing in most cases except when used on multisite where the admin domain is different from the front facing domain. Take a gander at /wp-includes/link-template.php. I suggested home_url() because its more fool proof in this use case.
I don't think it is going to matter if the URLs being returned retain the protocol or if they are protocol-less. The URLs are only for the minified scripts on the same domain as the site you're on, and so of course HTTPS will be available if the page itself is loading over HTTPS. It's not manipulating the src for scripts on other domains. So probably #69 is going to be a better bet, though it should use home_url()
instead.
Actually, see ad5eb951244b39dc9a8ca8f25bbdabf8af7fadd8:
Replace home_url() with get_option( 'home' )
- Allows plugin to work with other plugins or themes who have filtered home_url
It seems that using home_url()
(or site_url()
) alone may be problematic.
we are currently using get_option( "home" ) to build the $src address. wordpress does not support protocol relative home address still as of 3.9, see https://core.trac.wordpress.org/ticket/21153