Last modified: 2013-08-19 15:43:21 UTC
HTTPS can be enforced via <https://noc.wikimedia.org/conf/remnant.conf>. I had a thought today that wikimediafoundation.org should be HTTPS-only. Subsequent thoughts added doubt. For example, the wiki doesn't really get used for donation forms as much these days, I don't think, so some risk is mitigated. But... it's still a weird fishbowl wiki that allows strange uploads and raw HTML, so it wouldn't be totally unexpected for it to enforce HTTPS. I think it might be nice to have. Filing this as an enhancement request for consideration.
https://gerrit.wikimedia.org/r/#/c/56062/
please continue discussion on gerrit patch or here. i don't have a strong opinion on it, just created the patch to show it would be in redirects.conf as opposed to remnants.conf
This seems like an uncontroversial change.
(In reply to comment #2) > please continue discussion on gerrit patch or here. i don't have a strong > opinion on it, just created the patch to show it would be in redirects.conf > as opposed to remnants.conf Thanks for catching that, by the way. I'd gotten private wikis and fishbowl wikis slightly confused. In addition to changing redirects.conf, I believe $wgServer (or maybe $wgCanonicalSomething) also needs to be adjusted.
Change 56062 abandoned by Dzahn: Always redirect wikimediafoundation.org to https (RT-4830) Reason: abandoning in favor of waiting for varnish to handle it, see bug for details https://gerrit.wikimedia.org/r/56062
We're waiting on switching to varnish to make the redirects behave properly. When users are forced to login via https (which is soon) this won't be a problem for logged-in users anyway. Also, the current status quo is that anons hit http. Forcing users to HTTPS will lock out users in any country that blocks HTTPS, so I'd prefer not to do this.
