Buddypress Activity Plus and SSL

All pages on my site are protected by SSL. When a user posts a link to their timeline, images default to http:// rather than https:// even though the resource is available on https://. This renders my activity stream pages unsecure. Any thoughts on how to handle this? What about links that are not ssl? Is there any way to make the page secure while still allowing those links?

For example, this image was posted to a user's timeline in conjunction with a link to an article. It was posted as http:// even though the https:// is valid.
https://www.motherjones.com/files/turn-off-630px.jpg

Thoughts?

  • Patrick
    • Support Monkey

    Hi there @Jason

    I hope you're having a great day!

    That's odd as there appears to already be a check for http v https in the plugin in buddypress-activity-plus/bpfb.php at line 29:
    define ('BPFB_PROTOCOL', (is_ssl() ? 'https://' : 'http://'), true);

    I've flagged this as a bug as have notified the plugin developer of the issue so he can investigate and get this fixed up.

  • Sajid
    • DEV MAN’s Sidekick

    Hi @Jason! Hope you are doing good today :slight_smile:

    For nonsecure URL I guess there should be function to replace all http with https in a post.

    As long as Patrick already flagged developer so I think we should wait for their invaluable feedback on this matter.

    Take care and have a nice weekend :slight_smile:

    Cheers,Sajid

  • Sajid
    • DEV MAN’s Sidekick

    Hi @Jason! Hope you are doing good today :slight_smile:

    Thanks for searching and finding a resource for this issue. I am afraid it will take lots of time to implement it and integrate it with plugin.

    Rather, in my opinion we can simply check the message and replace any instance of http with https. I am not sure how much sound this option is, our SLS staff may consider any option that is quick and easy to be implemented.

    Yes! Alternatively you can disalbe HTTPS on this page, but I suggest you to wait until we get response from our SLS staff.

    Take care and have a nice day :slight_smile:

    Cheers, Sajid

  • Jason
    • WPMU DEV Initiate

    Hi, Just following up here. In some other reading, I discovered that stripping the https: from the link and making it a relative link( //huffingtonpost.com ) should do the trick. Is there a way to do that simply?

    My site goes live in two weeks. I'd like to have this resolved well before that for testing.

    Thanks!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.