Page MenuHomePhabricator
Create Task
Maniphest T137915

stream.wikimedia.org doesn't redirect to HTTPS
Closed, DuplicatePublic
Actions

Description

http://stream.wikimedia.org doesn't redirect to HTTPS. T134871 is about moving it behind cache_misc to standardize termination and not need a separate certificate, but VCL has also been updated there to do the same as the current direct service (not redirect HTTPS). Whichever path we go down, we need to eventually close off the insecure access here.

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedBBlackT104681 HTTPS Plans (tracking / high-level info)
 ResolvedBBlackT102824 Clean up DNS/redirects for TLS
 ResolvedArielGlennT107575 download.wiki[mp]edia.org are using an invalid certificate
 ResolvedChmarkineT110511 sitemap.wikimedia.org uses invalid SSL certificate
 ResolvedBBlackT104244 Preload HSTS
 ResolvedBBlackT102814 Decom old multiple-subdomain wikis in wikipedia.org
 ResolvedBBlackT104942 TLS and *.wap/*.mobile multi-level subdomains of wikipedia.org
 ResolvedBBlackT102815 Decom www.$lang hostnames/redirects
 ResolvedBBlackT102826 Fix/decom multiple-subdomain wikis in wikimedia.org
 ResolvedBBlackT102827 Decide what to do with *.donate.wikimedia.org subdomain + TLS
 Resolved CCogdill_WMFT130414 delete links.email.donate.wikimedia.org (and all other email.donate.*?) from DNS
 DeclinedBBlackT111967 Preload HSTS for select hostnames within wikimedia.org
 DuplicateBBlackT111998 investigate/remove hostname login.m.wikimedia.org
 ResolvedBBlackT40516 Enable HSTS on Wikimedia sites
 ResolvedBBlackT132521 Enforce HTTPS+HSTS on remaining one-off sites in wikimedia.org that don't use standard cache cluster termination
 ResolvedBBlackT132452 HSTS preload for wmfusercontent.org
 ResolvedBBlackT132685 Preload STS for wikimedia.org
 ResolvedBBlackT34796 status.wikimedia.org has no (valid) HTTPS
 ResolvedBBlackT132450 enable https for (ubuntu|apt|mirrors).wikimedia.org
 ResolvedBBlackT132812 Sort out letsencrypt puppetization for simple public hosts
 Resolved emaT108827 Investigate TCP Fast Open for tlsproxy
 DeclinedNoneT107236 Switch port 80 to nginx on primary clusters
 DuplicateNoneT137915 stream.wikimedia.org doesn't redirect to HTTPS

Event Timeline

BBlack created this task.Jun 15 2016, 6:43 PM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJun 15 2016, 6:43 PM
BBlack added a parent task: T107236: Switch port 80 to nginx on primary clusters.Jun 15 2016, 6:43 PM
BBlack added a comment.Jun 16 2016, 2:33 PM

Note: based on simple test python and javascript clients, websocket client libraries tend to not support 301 redirects to HTTPS. So we'll probably have to go through a slightly-painful migration here as we did with T105794 with some user notification and timelines, and then watch un-observant clients get broken :/

BBlack closed this task as a duplicate of T140128: HTTPS-only for stream.wikimedia.org.Jul 12 2016, 4:49 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits