- I captured the headers from a page reload of the Extensions » MicroTiny WYSIWYG editor page and extracted a list of thirteen (unencrypted) http: URLs requested (see attached).
- It appears that MicroTiny init. code used by the backend during an SSL admin session also contains URLs based on $config['root_url'] rather than $config['ssl_url'].
Code: Select all
#grep http: /tmp/cache/mt_0f3d9d7e1635a606aa639e5d24f05R75b image : 'http://example.com/modules/MicroTiny/images/cmsmslink.gif', document_base_url : "http://example.com/", var cmsURL = "http://example.com/modules/MicroTiny/filepicker.php?_sx_=0ca14680&type="+type;
Code: Select all
$config['admin_url'] = 'https://example.org/my.admin';
$config['root_url'] = 'http://example.org';
$config['ssl_url'] = 'https://example.org';