Page MenuHomePhabricator

shop switches HTTPS -> HTTP when showing login prompt (on clicking checkout)
Closed, ResolvedPublic

Description

I am able to stay on HTTPS on the shop *up until* the site gets to asking me to log in and *then* it sends me to HTTP.

?!

Once a user is on HTTPS, keep them there.


Version: wmf-deployment
Severity: major
URL: https://shop.wikimedia.org/
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=37790

Details

Reference
bz61528

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 3:04 AM
bzimport added a project: Wikimedia-Shop.
bzimport set Reference to bz61528.
bzimport added a subscriber: Unknown Object (MLST).
jeremyb created this task.Feb 19 2014, 1:37 AM

(In reply to jeremyb from comment #0)

Once a user is on HTTPS, keep them there.

Or just require HTTPS (cf. bug 37790).

(In reply to MZMcBride from comment #1)

Or just require HTTPS (cf. bug 37790).

Yup. But if not then at least do this.

I wasn't aware of this bug, so thanks for pointing it out! I'm going to talk with James Alexander and the people at Shopify to find out what has already been done to work on this and what we can do.

Hi Caitlin, any news/progress here, as this ticket was called the "main focus" in bug 37790 three months ago?

Hi Andre,

Thanks for the ping. I just updated bug 37790. In short, Shopify wasn't able to help us in the way we had hoped, so we're trying to get fr-tech to work on it. We need to work on getting some more technical resources for the shop specifically, and hope to see that happening this summer.

Has this been resolved in T39790#418202 ?

No. I just tested. This issue (redirect to HTTP after login) has not been resolved.

CCogdill_WMF set Security to None.Mar 17 2015, 8:47 AM
CCogdill_WMF edited subscribers, added: vshchepakina; removed: CCogdill_WMF.
Dzahn moved this task from Backlog to Blocked on External on the HTTPS board.Dec 3 2015, 7:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 3 2015, 7:33 PM
Restricted Application added a project: Operations. · View Herald TranscriptFeb 23 2016, 6:13 PM
Dzahn added a comment.Feb 24 2016, 4:52 AM

the shop does not run on WMF infra but external on shopify.com and isn't operated by the operations team. so i'm afraid ops and traffic can't do much here unless we'd stop outsourcing this to shopify.

Seems shopify only use https for checkout transaction.
Similar report earlier in last year:
https://phabricator.wikimedia.org/T96749

GHoltman closed this task as Resolved.Apr 4 2016, 8:52 PM
GHoltman claimed this task.
GHoltman added a subscriber: GHoltman.

Resolved per HuiZSF