Amplification requests, wrong enqueing of scripts

  • Resolved erlendeide

    (@erlendeide)


    5 years, 7 months ago

    buddypress-compliments/bp-compliments.php: define( ‘BP_COMPLIMENTS_URL’, plugin_dir_url( __FILE__ ) );
    buddypress-compliments/bp-compliments-core.php: wp_enqueue_script( ‘bp-compliments-js’, constant( ‘BP_COMPLIMENTS_URL’ ) . ‘js/bp-compliments.js’, array( ‘jquery’ ) );
    buddypress-compliments/bp-compliments-core.php: wp_register_style( ‘bp-compliments-css’, constant( ‘BP_COMPLIMENTS_URL’ ) . ‘css/bp-compliments.css’ );
    buddypress-compliments/includes/bp-compliments-taxonomies.php: wp_enqueue_script( ‘compliments-adminjs’, constant( ‘BP_COMPLIMENTS_URL’ ) . ‘js/admin.js’, array(), false, true );

    You must not enqueue scripts and css using the URL – plugin_dir_url(), but rather the plugin path. Currently, this makes WordPress request these files over http from itself.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Stiofan

    (@stiofansisland)

    5 years, 7 months ago

    Hi @erlendeide,

    plugin_dir_url() is very much the correct function to use, it will set the schema to http or https automatically based on this function: https://developer.wordpress.org/reference/functions/is_ssl/

    If your site is running https and the files are being output as http then there are two possibilities:
    1. Your server is not setting $_SERVER[‘HTTPS’]
    2. Something is filtering the url, likely via ‘plugins_url’ filter to set it to http.

    Let me know if you need more help.

    Thanks,

    Stiofan

    Thread Starter erlendeide

    (@erlendeide)

    5 years, 7 months ago

    Hi again,

    Ofcourse you are right.

    Our servers run nginx in front of apache, and nginx negotiates the SSL connection and will set HTTP:X-Forwarded-Proto = https, but $_SERVER[‘HTTPS’] will always be off because Apache runs without SSL behind the proxy.

    I noticed the comment on the is_ssl page, which suggests force setting it (will probably work, but is not very elegant) by adding it to wp-config.php.

    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { $_SERVER['HTTPS'] = 'on'; }

    I would have preferred a way where this test and forced assignment was just not necessary, how do other plugins handle this?

    • This reply was modified 5 years, 7 months ago by erlendeide.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Amplification requests, wrong enqueing of scripts’ is closed to new replies.

Tags