From 7757d04ce36c673d56c001318dcf68a26ca9e9fd Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Thu, 22 Oct 2015 00:08:26 +0000 Subject: [PATCH] Force the REST API URL to use `https` for its scheme when the current request is served over HTTPS and the host name matches that of the REST API URL. This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area. Fixes #34299 Built from https://develop.svn.wordpress.org/trunk@35351 git-svn-id: http://core.svn.wordpress.org/trunk@35317 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/rest-api/rest-functions.php | 7 +++++++ wp-includes/version.php | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/wp-includes/rest-api/rest-functions.php b/wp-includes/rest-api/rest-functions.php index 947efce90e..c3f6be0d43 100644 --- a/wp-includes/rest-api/rest-functions.php +++ b/wp-includes/rest-api/rest-functions.php @@ -254,6 +254,13 @@ function get_rest_url( $blog_id = null, $path = '/', $scheme = 'rest' ) { $url = add_query_arg( 'rest_route', $path, $url ); } + if ( is_ssl() ) { + // If the current host is the same as the REST URL host, force the REST URL scheme to HTTPS + if ( $_SERVER['SERVER_NAME'] === parse_url( get_home_url( $blog_id ), PHP_URL_HOST ) ) { + $url = set_url_scheme( $url, 'https' ); + } + } + /** * Filter the REST URL. * diff --git a/wp-includes/version.php b/wp-includes/version.php index 162fc260c7..5fc4e6c009 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-alpha-35350'; +$wp_version = '4.4-alpha-35351'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.