URL Generation in Genesis and WP

Community Forums Forums General Discussion URL Generation in Genesis and WP

This topic is: not resolved

This topic contains 3 replies, has 4 voices, and was last updated by  Summer 7 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #8326

    AntiSocialNetwork
    Participant

    Is basically broken.

    There I said it.  I have a site which is hidden behind a proxy server.  The WP machine is running a vanilla PHP install on Apache with no SSL cert.  The reason is that the blog is but one server in a cluster of many different machines with different jobs all living under a common domain (call it http://www.example.com).  There is a NGINX server in front of everything handling routing based on url paths.  The NGINX handles the SSL encryption and then communicates with backend servers using http.  Works fine.

    However – this means that the WP installation thinks it is operating under http rather than https.  Any test of headers in any code comes up with protocol http and not https.  So any absolute URLs generate such as for style sheets and JS files are being generated with a big fat http: in front and conservative browsers like Chrome are declining to load them as they are viewed as potential security threats.  The problem actually runs to the very core of WP but Genesis does its part to encourage the madness. There is a solution though.

    In order to fix our site I did the following modifications to the definition of CHILD_URL and PARENT_URL.  I did

    define( ‘CHILD_URL’, ltrim(get_stylesheet_directory_uri(),’htpsHTPS:’) );

    which crudely strips off any leading http/https protocol.  The reason this is OK is because RFC 3986 part 4.2 allows for protocol-less or protocol relative URLs. So instead of http://www.example.com it is fine to use //www.example.com and the browser will use whatever protocol was used to fetch the parent page.

    Please update your code to use protocol-relative URLs and join me in influencing WP developers to switch to protocol-relative URL generation. In the end, all our code will be more secure.

    Thanks

    #15097

    SoZo
    Moderator
    Post count: 1573

    +1


    John “Nicolas Flamel” Wright | SoZo’s design| John Wright Photography

    #64123

    slhuckstead
    Participant
    Post count: 2

    Did you hack Genesis core and replace their define with yours in init.php or did you put that someplace in the child theme? Regardless, niether are working for me. What’s the secret sauce?

    #64129

    Summer
    Participant
    Post count: 755

    I noticed YouTube started using those references in their embed codes a few months ago, and damned if I didn’t think it was a major typo on the part of one of my site’s contributors when I first saw it.

    If it helps cut down on those http/https fooferalls, I’m for it.


Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.