Page MenuHomePhabricator

Use http get with https whenever possible
Closed, ResolvedPublic


Version: unspecified
Severity: normal
Whiteboard: storypoints: 2



Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:44 AM
bzimport set Reference to bz40550.
bzimport added a subscriber: Unknown Object (MLST).

There were two place you're calling Http::get(), it would be nice if they could both be forced to use https. It looks like you're using the data pulled back to populate objects, which is fine for the objects you're currently using, but if you start building objects that could effect access control, then you want to make sure you have the correct data.

Partial fix in Idf0a6547, but that does not address the issues raised about HTTP requests from the MediaWikiSite class. If I remember the discussion correctly, we agreed that any protocol-relative base URL should default to using HTTPs - at least for Wikimedia sites. That needs additional work.

With the patch in and doing a fresh install of MW + Wikibase repo (running maintenance/update.php), I get the following error:

Warning: Invalid argument supplied for foreach() in /Library/WebServer/Documents/wikidata-repo/extensions/Wikibase/lib/includes/Utils.php on line 88

When I change the "https" back to "http", then it works. There must be some other solution for this to work correctly.

Verified in Wikidata demo time for sprint 18