This happens when you vote from http:// instead of https://. If you vote from https://, it will work just fine.
$current_user is internal WP stuff, this plugin has nothing to do with populating this variable with data.
I have no experience with WP+SSL, but I assume that it isn’t set up properly in your particular case. I might be wrong though.
A workaround would be to force all traffic to go through https.
Forcing all traffic to ssl is not (for me) a good “workaround”. But after a few more days of rummaging around in WordPress core and such I found that the protocol on the request back to the server (used to facilitate AJAX) is defined wrongly by the “admin_url” function.
On further investigation I found that the problem came about in WordPress 4.0 when “FORCE_SSL_LOGIN” was deprecated. As of 4.0 it is both “ADMIN” and “LOGIN” or neither because the function “force_ssl_admin” returns “true” if either of the aforesaid globals are defined “true”. That means that the “default” protocol returned by “admin_url” will always be ‘https’. And that causes the browser to see the AJAX request as “cross domain” and to NOT send the “COOKIES”.
SOLUTION:
Update “rating.php” in the “simple_rating” directory as follows:
Using your favorite text editor, insert immediately ahead of
if (is_user_logged_in()==1) at line 210, a new line of code as
$scheme = is_ssl() ? 'https': 'http';
Then use the search and replace function of your editor to replace all instances of =>admin_url('admin-ajax.php' with
=>admin_url('admin-ajax.php',$scheme
This should make the plugin function properly REGARDLESS of what you do with SSL. All ssl, no ssl, login ssl admin ssl, or per page ssl or whatever.
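The same-origin effect described in the post above, as an added example that is not part of the original post or the plugin's code: it models the browser's decision for a page served over one scheme and an AJAX URL generated with another, then applies the scheme-matching idea of the `is_ssl()` fix. The function names and the example.com URLs are constructed for illustration.

```javascript
// Constructed sample URL: what admin_url('admin-ajax.php') would yield when
// the admin scheme is forced to https (example.com is a placeholder host).
const AJAX_FORCED_HTTPS = 'https://example.com/wp-admin/admin-ajax.php';

// Two URLs share an origin only if scheme, host and port all match,
// so http://example.com and https://example.com are different origins.
function sameOrigin(pageUrl, requestUrl) {
  return new URL(pageUrl).origin === new URL(requestUrl).origin;
}

// With default settings (XMLHttpRequest.withCredentials = false,
// fetch credentials = 'same-origin') cookies accompany same-origin requests only.
function cookiesSentByDefault(pageUrl, ajaxUrl) {
  return sameOrigin(pageUrl, ajaxUrl);
}

// Client-side mirror of the fix: give the AJAX URL the scheme of the page
// that is actually being viewed.
function alignScheme(pageUrl, ajaxUrl) {
  const aligned = new URL(ajaxUrl);
  aligned.protocol = new URL(pageUrl).protocol;
  return aligned.href;
}

// Report the situation before and after aligning the scheme.
function diagnose(pageUrl, ajaxUrl) {
  const fixedUrl = alignScheme(pageUrl, ajaxUrl);
  return {
    pageUrl,
    ajaxUrl,
    cookiesSent: cookiesSentByDefault(pageUrl, ajaxUrl),
    fixedUrl,
    cookiesSentAfterFix: cookiesSentByDefault(pageUrl, fixedUrl),
  };
}

// Constructed sample pages: one viewed over http, one over https.
for (const page of ['http://example.com/some-post/', 'https://example.com/some-post/']) {
  console.log(diagnose(page, AJAX_FORCED_HTTPS));
}
```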
I can do that, of course. But still, don’t you think it’s good idea to stop using deprecated features?
My updates are an appropriate address of the actual problem in that they “get around” THE actual bug in WordPress core and nothing more or less. I always wanted to use “FORCE_SSL_ADMIN” since I started using a “real” ssl cert as opposed to “self signed”. This “admin only” functionality has not been deprecated. It was simply breaking “Simple Rating” and other rating plugins. That is why I used “FORCE_SSL_LOGIN”.
I will assume that any further releases of “Simple Rating” will address this core bug with my suggested changes or in some other way. And I would ask that you mark this issue resolved.