Jump to content


Photo
- - - - -

2.2.1 LESS & HTTPS problems - stylesheet calls


This topic has been archived. This means that you cannot reply to this topic.
15 replies to this topic

#1 cjabaley

cjabaley

    Member

  • Members
  • 20 posts

Posted 23 June 2012 - 01:30 AM

In short:

When viewing a page via HTTPS, the pagelines-compiled-css-*.css file is calling background elements via http instead of https, causing insecure content errors in browsers.

Example:

Please Login or Register to see this Hidden Content


Is this a Pagelines issue or a lesscss issue?

#2 cjabaley

cjabaley

    Member

  • Members
  • 20 posts

Posted 23 June 2012 - 03:04 AM

Really the problem is that the compiled stylesheet is using absolute paths versus relative paths, which interferes with the existing wordpress HTTPS options. Any way to generate relative paths versus absolute paths?

#3 catrina

catrina

    Advocate

  • Members
  • 12345 posts

Posted 23 June 2012 - 03:32 PM

I think it's more of a PageLines issue, which will need to be addressed in a weekly report I'll be submitting. I'm not too familiar with relative paths and absolute paths, but I did some searching around in the WordPress support forum and found this thread on CSS paths:

Please Login or Register to see this Hidden Content

(the last reply provides more insight on paths).

#4 cjabaley

cjabaley

    Member

  • Members
  • 20 posts

Posted 24 June 2012 - 02:19 AM

Thanks for the link. Although changing the paths in the normal CSS files is relatively straightforward, having the LESS CSS compiler spit out relative instead of absolute paths is beyond my abilities. I'm sure there's a line or two of code buried in your compiler script that could change this. Really I would suggest you guys use relative paths in the compiled CSS for continuity's sake.

#5 Danny

Danny

    Is Awesome!

  • Moderators
  • 17015 posts

Posted 24 June 2012 - 12:04 PM

Hi cjabaley, I will bring this to our developers attention.

#6 Simon_P

Simon_P

    Messer

  • Administrators



  • 8388607 posts

Posted 24 June 2012 - 04:39 PM

This is how it works: At theme init, PARENT_URL is set with get_template_directory(), a wp function that should return the theme dir either ssl or not depending on your site settings. The section urls in the LESS files then simply add /sections/ to the end of PARENT_URL. So if get_template_directory() is not returning a ssl url, its either a wordpress bug, or your blog urls are not set with https:// in the wp general settings area. I took a quick look at your site and could not find any ssl pages.

#7 cjabaley

cjabaley

    Member

  • Members
  • 20 posts

Posted 24 June 2012 - 05:32 PM

Thanks for your help.

I use HTTPS on a limited number of pages - all of which have been disabled currently while I work out this issue. This explains why you didn't find any ssl pages. Also, because I only use it in a few places, changing the blog URL prefix to https:// is impractical. Accordingly, I use the plugin Wordpress HTTPS to accomplish this on specific pages. Perhaps it's just a limitation of the plugin, but it doesn't hook the get_template_directory_uri() function. This is discussed here:

Please Login or Register to see this Hidden Content

. Accordingly, all URLs generated by the LESS compiler weren't getting an HTTPS prefix based on PARENT_URL as discussed above.

I have worked around this issue by having PARENT_URL (and CHILD_URL) return a relative path by changing the following in init.globals.php:

Please Login or Register to see this Hidden Content


to

Please Login or Register to see this Hidden Content


Based on some admittedly limited testing, this is having no adverse effect on theme functionality.

#8 Simon_P

Simon_P

    Messer

  • Administrators



  • 8388607 posts

Posted 24 June 2012 - 05:42 PM

I have a better solution use the filter I provided ;)

Please Login or Register to see this Hidden Content


Add it to customize functions.php

#9 cjabaley

cjabaley

    Member

  • Members
  • 20 posts

Posted 24 June 2012 - 05:55 PM

This is brilliant, but we're only half way there.

Please Login or Register to see this Hidden Content

Has become:

Please Login or Register to see this Hidden Content

on ssl-enabled pages.

However, all URLs with a base of /image/ instead of sections remain unchanged.

Example:

Please Login or Register to see this Hidden Content


See

Please Login or Register to see this Hidden Content

.

#10 Simon_P

Simon_P

    Messer

  • Administrators



  • 8388607 posts

Posted 24 June 2012 - 05:57 PM

Ok add this line in there:

Please Login or Register to see this Hidden Content



#11 cjabaley

cjabaley

    Member

  • Members
  • 20 posts

Posted 24 June 2012 - 06:32 PM

Yes, that's done it. I still think that relative paths might be better than simply calling all elements via https, but that's fine for now.

However, calls to

Please Login or Register to see this Hidden Content

are producing a 301 redirect to

Please Login or Register to see this Hidden Content


This is, again, producing a mixed content error.

Edit: This appears to be a problem with the Wordpress HTTPS plugin - specifically the Force SSL Exclusively option. I'll address that with the developer.

Thanks to the WP team for your help - I hope a more permanent fix can find its way into the next version.

#12 Simon_P

Simon_P

    Messer

  • Administrators



  • 8388607 posts

Posted 24 June 2012 - 06:55 PM

I'll add a filter into the next minor release.

#13 woodcreekdental

woodcreekdental

    Newbie

  • Members
  • 1 posts

Posted 04 September 2012 - 04:48 PM

When can we expect this minor release? I am also in need of this patch.

#14 Simon_P

Simon_P

    Messer

  • Administrators



  • 8388607 posts

Posted 05 September 2012 - 01:01 AM

It was added ages ago

Please Login or Register to see this Hidden Content

2.2.2 i think

#15 timelf123

timelf123

    Newbie

  • Members

  • 4 posts

Posted 17 October 2012 - 02:51 AM

It was added ages ago

Please Login or Register to see this Hidden Content

2.2.2 i think


What exactly was added? I'd love to add this custom https function/filter on my sites. Is it already in the codebase for the current release?

#16 Danny

Danny

    Is Awesome!

  • Moderators
  • 17015 posts

Posted 17 October 2012 - 07:57 AM

Hi,

An action was added which does what Simon wrote above basically.

Please Login or Register to see this Hidden Content