Stylesheets in WordPress Referenced with HTTPS

Posted on October 12, 2009 by Vincent Kong

UPDATE: Instead of changing multiple files, I finally decided to edit the is_ssl() function in the wp-includes/functions.php.

old code:

function is_ssl() {
        if ( isset($_SERVER['HTTPS']) ) {
                if ( 'on' == strtolower($_SERVER['HTTPS']) )
                        return true;
                if ( '1' == $_SERVER['HTTPS'] )
                        return true;
        } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
                return true;
        }
}

new code:

function is_ssl() {
        if ( isset($_SERVER['HTTPS']) ) {
                if ( 'on' == strtolower($_SERVER['HTTPS']) )
                        return true;
                if ( '1' == $_SERVER['HTTPS'] )
                        return true;
        }
        else {
                return false;
        }
}

The disadvantage of this is that the login page will NOT be referring to https when accessing the site with via http.

UPDATE: As of version 3.0 another custom change needed to be made to fix the https referencing.

Open wp-includes/functions.phpand comment out the line:

function wp_guess_url() {
...
//$schema = is_ssl() ? 'https://' : 'http://';

UPDATE: As of version 2.8.5 a new JavaScript in WordPress is also always referencing https

<script type='text/javascript' src='https://www.vincentkong.com/wp-includes/js/jquery/jquery.js?ver=1.3.2'></script>

To resolve this open wp-includes/script-loader.php and comment out the line indicated below:

function wp_default_scripts( &$scripts ) {

        //if ( !$guessurl = site_url() )
                $guessurl = wp_guess_url();
Since version 2.7 I’ve noticed that stylesheets in WordPress have been referenced with https regardless if the request was made through http or https.  After waiting for through several version upgrades (until 2.8.4) to address this, I decided to see if I can resolve it myself.

Problem:

Stylesheets are always returning https since 2.7 as shown in the source code:

<link rel="stylesheet" href="https://www.vincentkong.com/wp-content/themes/glossyblue-1-4/style.css" type="text/css" media="all" />

Cause:

The cause of the problem is due to the following code found in the  wp-includes/link-template.php.  More specifically with the line if ( is_ssl() ) since it seems to always return true if you have SSL enabled for the website.

/**
 * Retrieve the url to the content directory.
 *
 * @package WordPress
 * @since 2.6.0
 *
 * @param string $path Optional. Path relative to the content url.
 * @return string Content url link with optional path appended.
*/
function content_url($path = '') {
 $scheme = ( is_ssl() ? 'https' : 'http' );
 $url = WP_CONTENT_URL;
 if ( 0 === strpos($url, 'http') ) {
 if ( is_ssl() )
 $url = str_replace( 'http://', "{$scheme}://", $url );
 }

 if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
 $url .= '/' . ltrim($path, '/');

 return apply_filters('content_url', $url, $path);
}

Solution:

As a quick solution I commented the portion of code which was causing the issue.  I don’t know what is the side effect of this, but I haven’t ran into any issues yet.

 if ( 0 === strpos($url, 'http') ) {
 if ( is_ssl() )
 $url = str_replace( 'http://', "{$scheme}://", $url );
 }

Related posts:

  1. WordPress Plugins
  2. Permalinks in WordPress
  3. WordPress Quickstart Guide
  4. Migrating to WordPress 2.5.1
  5. Stopping Spam in WordPress
This entry was posted in Content Management, WordPress and tagged , . Bookmark the permalink.

Comments are closed.