From 9c2fe1c948a8ea88f57626315412c1281d365a16 Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Fri, 18 May 2012 20:09:53 +0000 Subject: [PATCH] Load the customize preview over ssl if the customize admin page is loaded over ssl and the frontend and admin are on the same domain. This avoids insecure content warnings and allows a more complete preview in browsers such as Chrome that block loading of css until user confirmation allows mixed content loading. see #20702 git-svn-id: https://develop.svn.wordpress.org/trunk@20829 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-includes/customize-controls.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/wp-includes/customize-controls.php b/wp-includes/customize-controls.php index 31a3cf35c7..0ca6b0932d 100644 --- a/wp-includes/customize-controls.php +++ b/wp-includes/customize-controls.php @@ -92,13 +92,27 @@ do_action( 'customize_controls_print_scripts' ); do_action( 'customize_controls_print_footer_scripts' ); + // If the frontend and the admin are served from the same domain, load the + // preview over ssl if the customizer is being loaded over ssl. This avoids + // insecure content warnings. This is not attempted if the admin and frontend + // are on different domains to avoid the case where the frontend doesn't have + // ssl certs. Domain mapping plugins can force ssl in these conditions using + // the customize_preview_link filter. + $admin_origin = parse_url( admin_url() ); + $home_origin = parse_url( home_url() ); + $scheme = null; + if ( is_ssl() && ( $admin_origin[ 'host' ] == $home_origin[ 'host' ] ) ) + $scheme = 'https'; + + $preview_url = apply_filters( 'customize_preview_link', home_url( '/', $scheme ) ); + $settings = array( 'theme' => array( 'stylesheet' => $this->get_stylesheet(), 'active' => $this->is_current_theme_active(), ), 'url' => array( - 'preview' => esc_url( home_url( '/' ) ), + 'preview' => esc_url( $preview_url ), 'parent' => esc_url( admin_url() ), 'ajax' => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ), ),