Wordpress (WooCommerce?) forces https (when it shouldn't)

Question

I\'m experiencing a strange issue on a WooCommerce installation my company has taken over. It\'s not us who built it and unfortunately it\'s pretty crappy built so I\'m not so s

Answer 1

@Zertuk's solution is correct: upgrading to the latest WooCommerce should fix the issue because of the change that @Zertuk has linked.

To give more detail: Chrome has implemented the Upgrade Insecure Requests specification from the World Wide Web Consortium (W3C). Section 3.2.1 of that specification is The HTTPS HTTP Request Header Field which states

3.2.1. The HTTPS HTTP Request Header Field

The HTTPS HTTP request header field sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and that it can successfully handle the upgrade-insecure-requests directive in order to make that preference as seamless as possible to provide.

This preference is represented by the following ANBF:

"HTTPS:" *WSP "1" *WSP

WooCommerce's is_ssl() function before version 2.3.13 was incorrectly rewriting all the URLs in the response if the HTTPS: 1 header was set.

Upgrading to the latest version of WooCommerce (currently 2.3.13) fixes the bug.