Page MenuHomePhabricator

Should EditURI be calculated using the site's canonical protocol?
Closed, DuplicatePublic

Description

We're currently including a protocol-relative EditURI on pages, but I'm not sure that makes sense any more. The change dates back to 2011, when we were preparing to migrate from mixed http/https to pure https: rMW6adb2e86a52f485c649b7409c66c5ffde99c082e

Since the edit API requires https to perform any POST request on Wikimedia sites, it seems preferable to use the canonical protocol for EditURI, to reduce the possibility of a client incorrectly producing an http URL. (I just ran into this in T228851.)

Event Timeline

@awight: Assuming this task is about MediaWiki-General, hence adding project tag so others can find this task when searching for tasks under that project or looking at that project workboard.

Anomie added a subscriber: Anomie.

It seems to me that if a client is producing an http URL on a Wikimedia site where the page must have been loaded over https, then most likely the client is not following RFC 3986 § 5.1 which would be a bug in the client.

If we do anything here, I'd say it should be T118413: Wikimedia wikis should use https:// in $wgServer so we stop generating protocol-relative links anywhere.

After discussion in our triage meeting, we (CPT) decided this should be closed in favor of T118413: Wikimedia wikis should use https:// in $wgServer.

After discussion in our triage meeting, we (CPT) decided this should be closed in favor of T118413: Wikimedia wikis should use https:// in $wgServer.

Excellent, thank you for the elegant solution!

One more note—I think this explains a bothersome difference between the beta cluster and production, I've been bitten by these protocol-relative URLs several times now because beta-cluster smoke testing demonstrates different behavior. T118413 should help reconcile the two.