Page MenuHomePhabricator

Require https for the api URL
Open, Needs TriagePublic

Description

Currently, the exchange of the secret from the android app to the MediaWiki site can be done by http, if one wants to. This should be prevented, as the connection is not secure and someone else could read the secret and could hijack the users identity easily.

Event Timeline

Florian created this task.May 21 2019, 5:21 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 21 2019, 5:21 PM