From 103fba767903ddb32c9a238a35233f5d3e428abc Mon Sep 17 00:00:00 2001 From: ryan Date: Fri, 18 May 2012 20:09:53 +0000 Subject: [PATCH] Load the customize preview over ssl if the customize admin page is loaded over ssl and the frontend and admin are on the same domain. This avoids insecure content warnings and allows a more complete preview in browsers such as Chrome that block loading of css until user confirmation allows mixed content loading. see #20702 git-svn-id: http://core.svn.wordpress.org/trunk@20829 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/customize-controls.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/wp-includes/customize-controls.php b/wp-includes/customize-controls.php index 31a3cf35c..0ca6b0932 100644 --- a/wp-includes/customize-controls.php +++ b/wp-includes/customize-controls.php @@ -92,13 +92,27 @@ do_action( 'customize_controls_print_scripts' ); do_action( 'customize_controls_print_footer_scripts' ); + // If the frontend and the admin are served from the same domain, load the + // preview over ssl if the customizer is being loaded over ssl. This avoids + // insecure content warnings. This is not attempted if the admin and frontend + // are on different domains to avoid the case where the frontend doesn't have + // ssl certs. Domain mapping plugins can force ssl in these conditions using + // the customize_preview_link filter. + $admin_origin = parse_url( admin_url() ); + $home_origin = parse_url( home_url() ); + $scheme = null; + if ( is_ssl() && ( $admin_origin[ 'host' ] == $home_origin[ 'host' ] ) ) + $scheme = 'https'; + + $preview_url = apply_filters( 'customize_preview_link', home_url( '/', $scheme ) ); + $settings = array( 'theme' => array( 'stylesheet' => $this->get_stylesheet(), 'active' => $this->is_current_theme_active(), ), 'url' => array( - 'preview' => esc_url( home_url( '/' ) ), + 'preview' => esc_url( $preview_url ), 'parent' => esc_url( admin_url() ), 'ajax' => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ), ),