wikimediafoundation.org should be HTTPS-only
Closed, Declined · Public

Description

HTTPS can be enforced via https://noc.wikimedia.org/conf/remnant.conf. I had a thought today that wikimediafoundation.org should be HTTPS-only. Subsequent thoughts added doubt. For example, the wiki doesn't really get used for donation forms as much these days, I don't think, so some risk is mitigated.

But... it's still a weird fishbowl wiki that allows strange uploads and raw HTML, so it wouldn't be totally unexpected for it to enforce HTTPS. I think it might be nice to have. Filing this as an enhancement request for consideration.


Version: wmf-deployment
Severity: enhancement

Details

Reference
bz47276

Event Timeline

bzimport raised the priority of this task from to Low. Nov 22 2014, 1:40 AM
bzimport set Reference to bz47276.
bzimport added a subscriber: Unknown Object (MLST).

Please continue discussion on gerrit patch or here. I don't have a strong opinion on it, just created the patch to show it would be in redirects.conf as opposed to remnants.conf.

This seems like an uncontroversial change.

(In reply to comment #2)

please continue discussion on gerrit patch or here. i don't have a strong
opinion on it, just created the patch to show it would be in redirects.conf
as opposed to remnants.conf

Thanks for catching that, by the way. I'd gotten private wikis and fishbowl wikis slightly confused.

In addition to changing redirects.conf, I believe $wgServer (or maybe $wgCanonicalSomething) also needs to be adjusted.

Change 56062 abandoned by Dzahn:
Always redirect wikimediafoundation.org to https (RT-4830)

Reason:
abandoning in favor of waiting for varnish to handle it, see bug for details

https://gerrit.wikimedia.org/r/56062

We're waiting on switching to varnish to make the redirects behave properly. When users are forced to login via https (which is soon) this won't be a problem for logged-in users anyway. Also, the current status quo is that anons hit http.

Forcing users to HTTPS will lock out users in any country that blocks HTTPS, so I'd prefer not to do this.

Restricted Application added subscribers: JEumerus, Matanya.