Support » Plugin: BuddyPress Compliments » Amplification requests, wrong enqueing of scripts

  • buddypress-compliments/bp-compliments.php: define( ‘BP_COMPLIMENTS_URL’, plugin_dir_url( __FILE__ ) );
    buddypress-compliments/bp-compliments-core.php: wp_enqueue_script( ‘bp-compliments-js’, constant( ‘BP_COMPLIMENTS_URL’ ) . ‘js/bp-compliments.js’, array( ‘jquery’ ) );
    buddypress-compliments/bp-compliments-core.php: wp_register_style( ‘bp-compliments-css’, constant( ‘BP_COMPLIMENTS_URL’ ) . ‘css/bp-compliments.css’ );
    buddypress-compliments/includes/bp-compliments-taxonomies.php: wp_enqueue_script( ‘compliments-adminjs’, constant( ‘BP_COMPLIMENTS_URL’ ) . ‘js/admin.js’, array(), false, true );

    You must not enqueue scripts and css using the URL – plugin_dir_url(), but rather the plugin path. Currently, this makes WordPress request these files over http from itself.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Stiofan

    (@stiofansisland)

    Hi @erlendeide,

    plugin_dir_url() is very much the correct function to use, it will set the schema to http or https automatically based on this function: https://developer.wordpress.org/reference/functions/is_ssl/

    If your site is running https and the files are being output as http then there are two possibilities:
    1. Your server is not setting $_SERVER[‘HTTPS’]
    2. Something is filtering the url, likely via ‘plugins_url’ filter to set it to http.

    Let me know if you need more help.

    Thanks,

    Stiofan

    Hi again,

    Ofcourse you are right.

    Our servers run nginx in front of apache, and nginx negotiates the SSL connection and will set HTTP:X-Forwarded-Proto = https, but $_SERVER[‘HTTPS’] will always be off because Apache runs without SSL behind the proxy.

    I noticed the comment on the is_ssl page, which suggests force setting it (will probably work, but is not very elegant) by adding it to wp-config.php.

    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { $_SERVER['HTTPS'] = 'on'; }

    I would have preferred a way where this test and forced assignment was just not necessary, how do other plugins handle this?

    • This reply was modified 2 years, 1 month ago by erlendeide.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Amplification requests, wrong enqueing of scripts’ is closed to new replies.