Last modified: 2013-06-18 13:47:37 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T32008, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 30008 - "Save page" button redirects from HTTPS to insecure
"Save page" button redirects from HTTPS to insecure
Status: RESOLVED WORKSFORME
Product: Wikimedia
Classification: Unclassified
SSL related (Other open bugs)
unspecified
All All
: High normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on: 29981
Blocks:
  Show dependency treegraph
 
Reported: 2011-07-21 21:59 UTC by Sumana Harihareswara
Modified: 2013-06-18 13:47 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Sumana Harihareswara 2011-07-21 21:59:23 UTC 
I'm logged into an https site (office.wikimedia.org) and I hit Edit to edit a page.  I make a change to save the page, and find myself on the http version, and get an error message telling me I'm not logged in so my edit can't go through.
Comment 1 Brion Vibber 2011-07-21 23:02:47 UTC 
This'll be the same base problem as bug 29981 -- when saving, you first POST to a local link (so HTTPS -> HTTPS) and then after processing, it redirects you to a GET on the article.

It'd be that redirection where we're losing the https.
Comment 2 Brion Vibber 2011-07-21 23:04:09 UTC 
This can probably be fixed by dropping a wfExpandUrl() onto the redirection URL prior to sending it out; unlike the URL normalization redirects it doesn't need to be cached, so there's no worry here about cache corruption.
Comment 3 Roan Kattouw 2011-07-25 18:02:39 UTC 
(In reply to comment #2)
> This can probably be fixed by dropping a wfExpandUrl() onto the redirection URL
> prior to sending it out; unlike the URL normalization redirects it doesn't need
> to be cached, so there's no worry here about cache corruption.
Actually it's probably wfExpandUrl() that's *causing* this in the first place. This is because, currently, wfExpandUrl( '//example.com' ) always returns 'http://example.com' regardless of which protocol the request came in on. The function needs this mode to avoid cache pollution, but I guess it also needs an 'expand to whichever protocol was used for this request' mode.
Comment 4 Sumana Harihareswara 2011-09-29 16:24:59 UTC 
I no longer encounter this problem on office.wikimedia so I'm closing this.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links