Last modified: 2011-10-03 11:56:23 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T33320, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 31320 - CentralAuth doesn't care about https
CentralAuth doesn't care about https
Status: VERIFIED FIXED
Product: MediaWiki extensions
Classification: Unclassified
CentralAuth (Other open bugs)
unspecified
All All
: Unprioritized major (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-03 08:58 UTC by Jérémie Roquet
Modified: 2011-10-03 11:56 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jérémie Roquet 2011-10-03 08:58:34 UTC 
Hi,

I think I've found a major issue in how CentralAuth handles https : when logging in with global login enabled, Special:UserLogin loads remote images from http://wikiwhatever/Special:AutoLogin?token=secrettoken (one image per project), while it should load them from http*s*://sameurl (when browsing using https, of course).

What happens is that cookies are sent unencrypted =/

I guess images should use protocol relative URLs as well.

Best regards,

-- 
Arkanosis@frwiki
Comment 1 Derk-Jan Hartman 2011-10-03 09:04:28 UTC 
It's due to the switch between secure services. This issue is known, and will be handled today I've been told.
Comment 2 Jérémie Roquet 2011-10-03 09:15:20 UTC 
Fine, thanks :)
Comment 3 Roan Kattouw 2011-10-03 10:54:05 UTC 
Fixed in r98745, deployed just now and working for me.
Comment 4 Jérémie Roquet 2011-10-03 11:56:23 UTC 
Works for me too. Thanks a lot!
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links