Modify ajax url to work properly with FORCE_SSL_ADMIN
|Reported by:||will_c||Owned by:|
With FORCE_SSL_ADMIN enabled on my site using BP 1.7-trunk and WP 3.5 I am experiencing issues with AJAX that are preventing the activity feed from functioning properly (I cannot make new updates or comment on existing activity items). I believe this problem is caused by having the ajax url using the https protocol rather than http.
To replicate this issue, turn on FORCE_ADMIN_SSL in your wp-config file and then try to post to the newsfeed (while browsing your site over http). In my testing, I receive an error saying:
"Are you sure you want to do this?
Please try again."
If you then switch to https browsing or disable FORCE_SSL_ADMIN, you should be able to post to the activity feed again.
I believe the issue is that admin_url() (in bp-core/bp-core-cssjs.php and bp-templates/bp-legacy/buddypress-functions.php) returns the https variant when FORCE_SSL_ADMIN is enabled (as it should). This causes problems in my setup for sites that are using http on the frontend.
My proposed solution would be to switch to using network_site_url('/wp-admin/admin-ajax.php'), which would also account for multisite installations, or using site_url('/wp-admin/admin-ajax.php') if it's preferable to only deal with single site installs at the moment.
This is my first patch for BuddyPress, so let me know if there are reporting conventions that I should follow in the future. Also, I realize there are probably other approaches to fixing this issue or there may be other logic behind the use of admin_url that I'm missing, so I'd appreciate any feedback.
Change History (16)
- Keywords commit added
- Keywords needs-patch needs-unit-tests added; dev-feedback commit removed
- Resolution fixed deleted
- Severity changed from normal to major
- Status changed from closed to reopened
- Keywords dev-feedback added
- Resolution set to fixed
- Status changed from reopened to closed