Roots comment form action URL on https

1

I have a Roots site (https://epoch.exaktime.com) hosted on WP Engine with an SSL certificate. When I posted a comment on a blog, the screen turned white. According to support at WPE:

Your site is forced to HTTPS
But the comments are trying to be posted to http://epoch.exaktime.com/wp-comments-post.php
That’s hardcoded into the site
It should be https://epoch.exaktiktime.com/wp-comments-post.php

I’m not sure exactly where that file would be, but essentially you’ll want to remove the hardcoded string that points to your URL root (epoch.exaktime.com). I believe that is managed in the theme files.
https://www.dropbox.…2014-11-11%2011.37.30.png?dl=0

What file would have this hard-coding? Has anyone ever had experience with this error or the solution provided from WPE? Thanks in advance.

2

I’m not sure what would be up with this. Maybe do a search on your theme for http://

There isn’t anything that is hard-coded in a default Roots theme, though. everything uses WP functions, such as get_template_directory() and get_template_directory_uri()

And get_template_directory_uri() should check if SSL is required or not.

3

+1 to @kalenjohnson’s reply. Afaik there are only a few WP functions that don’t run a protocol check. With the exception of wp_get_attachment_url() they’re mostly pretty obscure functions…

Also, this should not be an issue if you set your site URL to use https directly in wp-admin.

1 Like
4

Thanks guys. The fix was in templates/comments.php where on line 47:

<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">

was changed to:

<form action="/wp-comments-post.php" method="post" id="commentform">

Since the site URL was entered with a http not https protocol.

1 Like
5

Thanks for documenting the fix for others that may come across this thread :thumbsup:

1 Like