Page MenuHomePhabricator
Create Task
Maniphest T131131

Canonical URL in Store points to HTTP address, should be HTTPS
Closed, ResolvedPublic
Actions

Description

The [[ view-source:https://store.wikimedia.org/ | source code ]] at the Wikimedia Store includes a canonical URL that points to the non-HTTPS address. There's also a script directly above, that changes to the HTTPS-site.

<script>
	if (window.location.protocol == "http:") {
		var restOfUrl = window.location.href.substr(5);
		window.location.replace("https:" + restOfUrl);
	}
</script>
<link rel="canonical" href="http://store.wikimedia.org/" />

At least the canonical URL should be exchanged with the HTTPS address

Related Objects
Search...

Event Timeline

Volker_E created this task.Mar 29 2016, 1:30 AM
Restricted Application added a project: Traffic. · View Herald TranscriptMar 29 2016, 1:30 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
ema triaged this task as Medium priority.Jul 8 2016, 10:18 AM
Restricted Application added a project: SRE. · View Herald TranscriptJul 8 2016, 10:18 AM
BBlack moved this task from Backlog to TLS on the Traffic board.Sep 30 2016, 1:48 PM
BBlack added a parent task: T128559: Enable HSTS on store.wikimedia.org for HTTPS.Oct 3 2016, 2:20 PM
BBlack closed this task as Resolved.Jun 26 2017, 10:27 PM
BBlack claimed this task.
BBlack subscribed.

Currently this looks to be fixed. The relevant snippet on the live store site is now:

<script>
        if (window.location.protocol == "http:") {
                var restOfUrl = window.location.href.substr(5);
                window.location.replace("https:" + restOfUrl);
        }
</script>
<link rel="canonical" href="https://store.wikimedia.org/" />

(and yes, they do seem to properly 301-redirect HTTP to HTTPS, so I'm not sure why the hacky JS protocol redirect is still there, but it doesn't hurt anything)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits