Make Wikispore HTTPS-only
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Tgr
	Aug 18 2020, 3:34 PM

Related Objects

Mentioned Here: T120486: Set "https_upgrade" configuration flag for domainproxy to enforce HTTPS upgrade for GET|HEAD requests

Event Timeline

Tgr created this task.Aug 18 2020, 3:34 PM

Tgr moved this task from Backlog to Next-up on the Wikispore board.Oct 18 2020, 7:05 PM

Tgr claimed this task.Oct 18 2020, 7:14 PM

Nintendofan885 added a project: HTTPS.Oct 18 2020, 7:18 PM

Restricted Application added a project: Traffic. · View Herald TranscriptOct 18 2020, 7:18 PM

Ladsgroup moved this task from Triage to BadHerald on the Traffic board.Oct 19 2020, 8:46 AM

Restricted Application added a project: SRE. · View Herald TranscriptOct 19 2020, 8:47 AM

I think this is as easy as enabling $wgForceHTTPS and maybe setting a HSTS header.

I know tech people will not love this question, but access, sustainability and low-resource enthusiasts in me would love to ask:

What are the urgencies in pushing for HTTPS-only right now?
(we do not do any super secret info or transactions that need security)
((it basically just adds more processing and reduces or even cuts access for weak-old hardware))

Sure, theft of a Wikispore account is not particularly damaging, but I doubt there are many people who cannot access Wikipedia and its sister projects but would want to access Wikispore, so there isn't anything to win by leaving it open to (however unlikely) attacks.

Ladsgroup removed projects: SRE, Traffic.Apr 21 2021, 2:35 PM

T120486: Set "https_upgrade" configuration flag for domainproxy to enforce HTTPS upgrade for GET|HEAD requests made the entire wmflabs.org HTTPS only

Make Wikispore HTTPS-onlyClosed, ResolvedPublicActions

Related Objects

Event Timeline

Make Wikispore HTTPS-only
Closed, ResolvedPublic
Actions