Hi,
we are in the process to migrate our Sharepoint application to https, and are currently publishing the same farm under both http and https schemes for compatibility reasons.

When the user accesses the farm via http protocol, SPGetCurrentSite returns the https url as the root url, thus breaking subsequent calls even when enabling CORS (ajax calls would require the xhr withCredentials attribute, and even then credentials are not sent when using the OPTIONS verb).

A much simpler and cleaner solution would be to check the url protocol before returning from SPGetCurrentSite; if different from the current window.location.protocol, it should be simply replaced in the returned url.

Thanks for your help,
Luca

This is the proposed fix to method SPGetCurrentSite:

complete: function (xData) {
            	var respThisSite = $(xData.responseXML).find("WebUrlFromPageUrlResult").text();
            	
				if (location.protocol == "https:")
					respThisSite = respThisSite.replace("http://", "https://"); // Return the URL as https
				else if (location.protocol == "http:")
					respThisSite = respThisSite.replace("https://", "http://"); // Return the URL as http
		
                currentContext.thisSite = respThisSite;
            }

Whoops. My bad.
I had added both the http and the https addresses to the same zone in Alternate Access Mappings. When I moved the http one to the Intranet zone everything started working correctly even with the original code.

Sorry for the red herring.