Page MenuHomePhabricator

Set $wgSecureLogin = true for arbcom_dewiki
Closed, DeclinedPublic

Description

Per request of the German arbcom please set $wgSecureLogin = true for arbcom_dewiki.


Version: unspecified
Severity: enhancement

Details

Reference
bz29896

Event Timeline

bzimport raised the priority of this task from to Normal.Nov 21 2014, 11:29 PM
bzimport set Reference to bz29896.
bzimport added a subscriber: Unknown Object (MLST).
Raymond created this task.Jul 14 2011, 4:07 PM
brion added a comment.Jul 14 2011, 6:07 PM

Note that this setting won't be useful until bug 20643 (serving HTTPS from the same hostname & URL path structure) is done, as this feature simply replaces 'http' with 'https' in the link.

This is still a work in progress, and has not yet been deployed for https://arbcom.de.wikipedia.org.

Actually, depending on the settings it might still not work; the current code assumes that $wgServer starts with 'http://' on the http view, which it may not if it's just '//hostname' for protocol-relative links.

(In reply to comment #0)

Per request of the German arbcom please set $wgSecureLogin = true for
arbcom_dewiki.

WONTFIXing this, our cluster isn't currently setup for this and wouldn't work (from my understanding of how we have all the different parts mashed together)).

Continue to log in via the secure server.

This may one day be possible with ryan's and roan's work on improving the secure access but that will be rolled out for everything when its ready so a separate bug isn't really that required.

(CCing Ryan and Roan on)

Reopening because full https support works now: https://arbcom.de.wikipedia.org/

Ugh. Wikis with subdomain names like this are seriously problematic. If you notice, HTTPS works, but there's a certificate error since it doesn't match *.wikipedia.org.

We should actually look at moving sub-subdomains like this to some other name. arbcom-de maybe?

brion added a comment.Oct 3 2011, 8:13 PM

Arrrrrrrggggggggh!

I assume this would also affect en.m.wikipedia.org etc?

Sure does. Thankfully, it seems mobile won't be using a different URL at some point in the future, so that won't be a problem.

Reedy added a comment.Oct 4 2011, 5:07 PM

Barring the certificate error, is it ok to set wgSecureLogin?

I think we should set it as default, and disable it on any wikis with a certificate error. We definitely should *not* enable it on wikis with certificate errors.

(In reply to comment #8)

I think we should set it as default, and disable it on any wikis with a
certificate error. We definitely should *not* enable it on wikis with
certificate errors.

Can we hold off on that until I familiarize myself with what $wgSecureLogin actually does, and whether that'll work with our setup?

Krd added a comment.Nov 21 2011, 10:05 AM

There will be new arbcom-de members next week, so I like to bring up this case again. Can you please give us an update on this issue? Thank you.

We need to rename this wiki (and all wikis like it) to something like arbcom-de.wikipedia.org, if it would like to have HTTPS support.

Krd added a comment.Nov 21 2011, 6:09 PM

For the current arbcom.de.wikipedia.org I'm speaking with community concensus, and we like to use https only and disable http completely, or have a permanent redirect to the https login, if possible.
If renaming is neccessary, please go ahead.
Thank you.

Krd added a comment.Jan 12 2012, 9:38 AM

Is there any update?