HTTPS header issue with Chrome version 44.0.2403.xx

Question

I have been struggling since I have installed the new Chrome version 44.0.2403.xx.

My initial issue was that some stylesheet on my website were load over https, but my website is only http.

I use wordpress, so I have searched inside the core function to find where the HTTPS was added into the url.

The culprit is the is_ssl() function. Wordpress base is HTTPS verification over the $_SERVER['HTTPS'] variable, and mine was set to 1.

I found out that the last Google Chrome version is sending a header HTTPs = 1.

How can I prevent this header to cause problems to my website?

Answer 1

To solve my issue I have enabled mod_header on the server and added this rule to my appache2.conf file:

<IfModule mod_headers.c>
  RequestHeader unset HTTPS
</IfModule>

Answer 2

The header that Google Chrome is sending HTTPS: 1 gets translated into $_SERVER['HTTP_HTTPS'] on the server side. If you are facing this issue and want a temporary fix, add the following to your wp-config.php file:

// Chrome 44 HTTPS:1 header issue temporary fix
$_SERVER['HTTP_HTTPS'] = 0;

UPDATE 2015-07-29

as of chrome version 44.0.2403.107 the HTTPS header has been removed and replaced by an Upgrade-Insecure-Requests: 1 header.

Answer 3

If you can't modify your server configuration, or only for test purpose you can use this chrome plugin Modify Headers for Google Chrome™, go into the plugin and add the action (Modify) with name (HTTPS) and value (0), dont forget to enable it.

That's it, your wordpress website will work like it should be.