Page MenuHomePhabricator

Native "force https" option
Closed, ResolvedPublic

Description

Author: tiger197

Description:
Native option for automatic redirection from http to https.

In other words, merge http://fs.fsinf.at/wiki/SecurePages extension into source code. Plus add relative options to preferences.


Version: unspecified
Severity: enhancement

Details

Reference
bz36456

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:28 AM
bzimport set Reference to bz36456.
bzimport added a subscriber: Unknown Object (MLST).

s wrote:

+1

Also, rIght now it’s possible to log in with HTTPS and then visit (say, from an external link) a Wikimedia page via http and be suddenly not logged in anymore. Change the URL back to https and, presto, you’re logged in again.

It’s great that the authentication cookies are set to secure, but that should really come with a non-secure “hey-please-redirect-me-to-https” cookie.

  • This bug has been marked as a duplicate of bug 29898 ***