How to update wordpress ajaxurl variable to use SSL?
We are running a Wordpress 4.0 / Buddypress setup and since we switched to SSL, all ajax functions are not working because the ajaxurl variable still reads "http".
<script type="text/javascript">
/* <![CDATA[ */
var ajaxurl = 'http://website.com/wp-admin/admin-ajax.php';
/* ]]> */
</script>
This code is automatically added to wp_head, so we're not sure how to update it. We just need to switch http to https.
Does anyone know how we can do this?
We get this error every time ajax is required: [blocked] The page at ' https://website.com/users ' was loaded over HTTPS but was using unsafe content from http://website.com/wp-admin/admin -ajax.php : This content must also be loaded over HTTPS.
source to share
The variable ajaxurl
gets its value from the admin_url () function , which in turn determines whether to do https
a result- based is_ssl () function .
So, basically, if you are not getting https
in yours ajaxurl
, the feature is is_ssl()
incorrectly detecting SSL on your site.
If you are behind a load balancer or reverse proxy that supports HTTP_X_FORWARDED_PROTO
(like ELB) add the following to wp-config.php
in the documentation:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on';
If that doesn't work, take a look gist
at those linked in the Notes section for documentation is_ssl()
. You have to add this to your plugins directory.
source to share
I also have this issue with Wordpress, especially since I am using CloudFlare Flexible SSL.
I made this quick and dirty patch at / wp -includes / load.php
function is_ssl() {
if ( isset( $_SERVER['HTTP_CF_VISITOR'] ) ) {
if ( strpos($_SERVER['HTTP_CF_VISITOR'], "https") !== "false" ){
return true;
}
}
if ( isset( $_SERVER['HTTPS'] ) ) {
if ( 'on' == strtolower( $_SERVER['HTTPS'] ) ) {
return true;
}
if ( '1' == $_SERVER['HTTPS'] ) {
return true;
}
} elseif ( isset($_SERVER['SERVER_PORT'] ) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
This helped ajax calls from admin which blocked a lot of plugin functionality.
source to share