Last modified: 2012-01-12 09:38:48 UTC
Per request of the German arbcom please set $wgSecureLogin = true for arbcom_dewiki.
Note that this setting won't be useful until bug 20643 (serving HTTPS from the same hostname & URL path structure) is done, as this feature simply replaces 'http' with 'https' in the link. This is still a work in progress, and has not yet been deployed for https://arbcom.de.wikipedia.org. Actually, depending on the settings it might still not work; the current code assumes that $wgServer starts with 'http://' on the http view, which it may not if it's just '//hostname' for protocol-relative links.
(In reply to comment #0) > Per request of the German arbcom please set $wgSecureLogin = true for > arbcom_dewiki. WONTFIXing this, our cluster isn't currently setup for this and wouldn't work (from my understanding of how we have all the different parts mashed together)). Continue to log in via the secure server. This may one day be possible with ryan's and roan's work on improving the secure access but that will be rolled out for everything when its ready so a separate bug isn't really that required. (CCing Ryan and Roan on)
Reopening because full https support works now: https://arbcom.de.wikipedia.org/
Ugh. Wikis with subdomain names like this are seriously problematic. If you notice, HTTPS works, but there's a certificate error since it doesn't match *.wikipedia.org. We should actually look at moving sub-subdomains like this to some other name. arbcom-de maybe?
Arrrrrrrggggggggh! I assume this would also affect en.m.wikipedia.org etc?
Sure does. Thankfully, it seems mobile won't be using a different URL at some point in the future, so that won't be a problem.
Barring the certificate error, is it ok to set wgSecureLogin?
I think we should set it as default, and disable it on any wikis with a certificate error. We definitely should *not* enable it on wikis with certificate errors.
(In reply to comment #8) > I think we should set it as default, and disable it on any wikis with a > certificate error. We definitely should *not* enable it on wikis with > certificate errors. Can we hold off on that until I familiarize myself with what $wgSecureLogin actually does, and whether that'll work with our setup?
There will be new arbcom-de members next week, so I like to bring up this case again. Can you please give us an update on this issue? Thank you.
We need to rename this wiki (and all wikis like it) to something like arbcom-de.wikipedia.org, if it would like to have HTTPS support.
For the current arbcom.de.wikipedia.org I'm speaking with community concensus, and we like to use https only and disable http completely, or have a permanent redirect to the https login, if possible. If renaming is neccessary, please go ahead. Thank you.
Is there any update?