HTTP-iframe used on HTTPS-webpage due to caching

  • Resolved greenlightsolutions

    (@greenlightsolutions)


    7 years, 1 month ago

    On a site which is accessible through both HTTP and HTTPS, if you visit the HTTP-version of a webpage prior to visiting the HTTPS version, the IFrame used on both pages uses an HTTP-URL (and hence is not displayed on the HTTPS webpage).

    This appears to be caused by the caching mechanism used by the GoodReviews plugin itself: if I hack the ‘get_transient’ test in jhgrclasses.php::jhgrParseShortcode() to act as if no transient was stored, I get an HTTPS-IFrame on the HTTPS-webpage.

    Probably one of 4 approaches should be used to fix this problem:
    a) the protocol for the requested webpage should be included when determining the cache-ID to use
    b) the IFrame should always use an https-URL
    c) the result of the decision ‘http or https’ should not be included in what is cached
    d) the cache-result should be modified after retrieval to change http-URLs to https if necessary

    I am currently leaning towards approach b). Is there a drawback to this approach?

Viewing 1 replies (of 1 total)
  • Plugin Author jhanbackjr

    (@jhanbackjr)

    I think the only drawback to this method might be mixed security errors in browsers if the user loads an HTTP page with an HTTPS iframe. If you’re inclined to test this, an easy way to do so would be to comment out the following line (1173 in jhgrclasses.php):

    $jhgrSSL = (isset($_SERVER[‘HTTPS’])) || (is_ssl()) ? ‘https://’ : ‘https://’;

    and add this line in its place:

    $jhgrSSL = ‘https://’;

    Let me know if you test this and what your results are. If there are no mixed security errors as a result of that, I would be happy to modify the plugin so that the API call is always via HTTPS.

Viewing 1 replies (of 1 total)
  • The topic ‘HTTP-iframe used on HTTPS-webpage due to caching’ is closed to new replies.