Due to commit 8b754f (from task T238076: Alert group Cookie(s) without Secure flag set), the stopMobileRedirect cookie wouldn't be sent to servers without HTTPS, which causes redirecting to desktop/mobile wouldn't be persistent.Will it be better having a protocol check before the cookie is set to be true?
Due to commit 8b754f, the stopMobileRedirect cookie wouldn't be sent to servers without HTTPS
So this shouldn't affect any Wikimedia projects, though I suppose it could affect other installations of MediaWiki running MobileFrontend without TLS. I'm not sure we'd want to passively encourage that behavior with a protocol check. Pulling that out into a configuration variable with the default being 'secure' => true would be the better approach IMO.