Page MenuHomePhabricator

Native "force https" option
Closed, ResolvedPublic


Author: tiger197

Native option for automatic redirection from http to https.

In other words, merge extension into source code. Plus add relative options to preferences.

Version: unspecified
Severity: enhancement



Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:28 AM
bzimport set Reference to bz36456.
bzimport added a subscriber: Unknown Object (MLST).

s wrote:


Also, rIght now it’s possible to log in with HTTPS and then visit (say, from an external link) a Wikimedia page via http and be suddenly not logged in anymore. Change the URL back to https and, presto, you’re logged in again.

It’s great that the authentication cookies are set to secure, but that should really come with a non-secure “hey-please-redirect-me-to-https” cookie.

  • This bug has been marked as a duplicate of bug 29898 ***