Page MenuHomePhabricator

SecurityError: The operation is insecure. mediawiki.action.view.redirect.js
Closed, ResolvedPublic

Description

On https://m.mediawiki.org/wiki/Special:MyLanguage/Help:Contents?debug=true I see the exception: "SecurityError: The operation is insecure. mediawiki.action.view.redirect.js"

This appears to relate to the line:

history.replaceState( /* data= */ history.state, /* title= */ document.title, /* url= */ canonical );

The value of mw.config.get( 'wgInternalRedirectTargetUrl' ) on mobile is "//www.mediawiki.org/w/index.php?title=Help:Contents&debug=true"

Either the redirect code needs to take into account the mobile demain or the internal redirect target url should be a relative link.

Event Timeline

@thcipriani not sure at this point. It's not clear what team supports that redirect code. I'm not sure if there is a quick fix to this or this requires some focus from core platform team. That said the error is happening at low frequency.

@thcipriani not sure at this point. It's not clear what team supports that redirect code. I'm not sure if there is a quick fix to this or this requires some focus from core platform team. That said the error is happening at low frequency.

Ack. Thank you for filing the task.

Oh, I wrote some of this code when I was a wee lad ;)

Change 606276 had a related patch set uploaded (by Bartosz Dziewoński; owner: Bartosz Dziewoński):
[mediawiki/core@master] Fix redirects using Special:MyLanguage etc. when using a mobile domain

https://gerrit.wikimedia.org/r/606276

Change 606276 merged by jenkins-bot:
[mediawiki/core@master] Fix redirects using Special:MyLanguage etc. when using a mobile domain

https://gerrit.wikimedia.org/r/606276

matmarex claimed this task.