3

We run a Wordpress 4.0/Buddypress setup and ever since we switched to SSL all ajax functions are not working because the ajaxurl variable is still reading "http".

<script type="text/javascript">
 /* <![CDATA[ */
 var ajaxurl = 'http://website.com/wp-admin/admin-ajax.php';
 /* ]]> */
</script>

This code is added to wp_head automatically so we're not really sure how to update it. We just need to switch http to https.

Does anyone know how we can do this?

We get this error each time ajax is required: [blocked] The page at 'https://website.com/users' was loaded over HTTPS, but ran insecure content from 'http://website.com/wp-admin/admin-ajax.php': this content should also be loaded over HTTPS.

Howli
  • 12,291
  • 19
  • 47
  • 72
FLUXXUATE
  • 43
  • 1
  • 7

2 Answers2

3

The ajaxurl variable gets its value from the admin_url() function, which in turn figures out whether or not to do https based on the result of the is_ssl() function.

So, basically, if you're not getting https in your ajaxurl, the is_ssl() function isn't properly detecting SSL on your site.

If you're behind a load balancer or reverse proxy that supports HTTP_X_FORWARDED_PROTO (like ELB), add the following to wp-config.php, per the documentation:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
     $_SERVER['HTTPS'] = 'on';

If that doesn't work, take a look at the gist that's linked in the Notes section for the is_ssl() documentation. You should add that to your plugins directory.

Kirby
  • 15,127
  • 10
  • 89
  • 104
Logan
  • 53
  • 5
2

I also have this problem with Wordpress, particularly because I use CloudFlare Flexible SSL.

I did this quick and dirty patch on /wp-includes/load.php

function is_ssl() {
        if ( isset( $_SERVER['HTTP_CF_VISITOR'] ) ) {
            if ( strpos($_SERVER['HTTP_CF_VISITOR'], "https") !== "false" ){
                return true;
            }
        }

        if ( isset( $_SERVER['HTTPS'] ) ) {
                if ( 'on' == strtolower( $_SERVER['HTTPS'] ) ) {
                        return true;
                }

                if ( '1' == $_SERVER['HTTPS'] ) {
                        return true;
                }
        } elseif ( isset($_SERVER['SERVER_PORT'] ) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
                return true;
        }
        return false;
}

This helped with the ajax calls from the admin that were blocking lots of plugins' functionality.

Nick M
  • 2,424
  • 5
  • 34
  • 57