Archived

This topic is now archived and is closed to further replies.

  • 0

2.2.1 LESS & HTTPS problems - stylesheet calls

Question

Posted · Report post

In short: When viewing a page via HTTPS, the pagelines-compiled-css-*.css file is calling background elements via http instead of https, causing insecure content errors in browsers. Example:

	background:#ddd url(http://www.example.com/wp-content/themes/pagelines/images/blink-sprite-grey.png) 0 0 repeat-x;
	

Is this a Pagelines issue or a lesscss issue?

Share this post


Link to post
Share on other sites

15 answers to this question

Posted · Report post

This is how it works: At theme init, PARENT_URL is set with get_template_directory(), a wp function that should return the theme dir either ssl or not depending on your site settings. The section urls in the LESS files then simply add /sections/ to the end of PARENT_URL. So if get_template_directory() is not returning a ssl url, its either a wordpress bug, or your blog urls are not set with https:// in the wp general settings area. I took a quick look at your site and could not find any ssl pages.

Share this post


Link to post
Share on other sites

Posted · Report post

Thanks for your help. I use HTTPS on a limited number of pages - all of which have been disabled currently while I work out this issue. This explains why you didn't find any ssl pages. Also, because I only use it in a few places, changing the blog URL prefix to https:// is impractical. Accordingly, I use the plugin Wordpress HTTPS to accomplish this on specific pages. Perhaps it's just a limitation of the plugin, but it doesn't hook the get_template_directory_uri() function. This is discussed here: http://wordpress.org/support/topic/https-from-stylecss-urls. Accordingly, all URLs generated by the LESS compiler weren't getting an HTTPS prefix based on PARENT_URL as discussed above. I have worked around this issue by having PARENT_URL (and CHILD_URL) return a relative path by changing the following in init.globals.php:

	define('PARENT_URL', get_template_directory_uri());
	define('CHILD_URL', get_stylesheet_directory_uri());
	
to
	define('PARENT_URL', parse_url(get_template_directory_uri(), PHP_URL_PATH));
	define('CHILD_URL', parse_url(get_stylesheet_directory_uri(), PHP_URL_PATH));
	

Based on some admittedly limited testing, this is having no adverse effect on theme functionality.

Share this post


Link to post
Share on other sites

Posted · Report post

I have a better solution use the filter I provided ;)

add_filter( 'pless_vars', 'make_ssl_vars' );
	
	function make_ssl_vars( $vars ) {
	
		$vars['plSectionsRoot'] = str_replace( 'http://', 'https://', $vars['plSectionsRoot'] );
		return $vars;
	}

Add it to customize functions.php

Share this post


Link to post
Share on other sites

Posted · Report post

This is brilliant, but we're only half way there.

http://www.example.com/wp-content/themes/pagelines/sections/twitterbar/twitter-balloon.png
Has become:
https://www.example.com/wp-content/themes/pagelines/sections/twitterbar/twitter-balloon.png
on ssl-enabled pages. However, all URLs with a base of /image/ instead of sections remain unchanged. Example:
http://www.example.com/wp-content/themes/pagelines/images/blink-sprite-grey.png

See here.

Share this post


Link to post
Share on other sites

Posted · Report post

Ok add this line in there:

$vars['plRoot'] = str_replace( 'http://', 'https://', $vars['plRoot'] );

Share this post


Link to post
Share on other sites

Posted · Report post

Yes, that's done it. I still think that relative paths might be better than simply calling all elements via https, but that's fine for now. However, calls to

https://www.example.com/wp-content/themes/pagelines/pagelines-compiled-css-*/
	
are producing a 301 redirect to
http://www.example.com/wp-content/themes/pagelines/pagelines-compiled-css-*/

This is, again, producing a mixed content error. Edit: This appears to be a problem with the Wordpress HTTPS plugin - specifically the Force SSL Exclusively option. I'll address that with the developer. Thanks to the WP team for your help - I hope a more permanent fix can find its way into the next version.

Share this post


Link to post
Share on other sites

Posted · Report post

Really the problem is that the compiled stylesheet is using absolute paths versus relative paths, which interferes with the existing wordpress HTTPS options. Any way to generate relative paths versus absolute paths?

Share this post


Link to post
Share on other sites

Posted · Report post

I'll add a filter into the next minor release.

Share this post


Link to post
Share on other sites

Posted · Report post

I think it's more of a PageLines issue, which will need to be addressed in a weekly report I'll be submitting. I'm not too familiar with relative paths and absolute paths, but I did some searching around in the WordPress support forum and found this thread on CSS paths: http://wordpress.org/support/topic/css-path-question-to-or-not (the last reply provides more insight on paths).

Share this post


Link to post
Share on other sites

Posted · Report post

It was added ages ago http://api.pagelines.com/changelog 2.2.2 i think

What exactly was added? I'd love to add this custom https function/filter on my sites. Is it already in the codebase for the current release?

Share this post


Link to post
Share on other sites

Posted · Report post

Hi,

An action was added which does what Simon wrote above basically.

add_action( 'pl_force_ssl', '__return_true' ); [/CODE]

Share this post


Link to post
Share on other sites

Posted · Report post

Thanks for the link. Although changing the paths in the normal CSS files is relatively straightforward, having the LESS CSS compiler spit out relative instead of absolute paths is beyond my abilities. I'm sure there's a line or two of code buried in your compiler script that could change this. Really I would suggest you guys use relative paths in the compiled CSS for continuity's sake.

Share this post


Link to post
Share on other sites

Posted · Report post

Hi cjabaley, I will bring this to our developers attention.

Share this post


Link to post
Share on other sites

Posted · Report post

When can we expect this minor release? I am also in need of this patch.

Share this post


Link to post
Share on other sites