Page MenuHomePhabricator
Create Task
Maniphest T90527

Enable HSTS and point rel=canonical to HTTPS for all Russian Wikimedia projects
Closed, ResolvedPublic
Actions

Description

Since Russian Wikimedia projects are HTTPS only and have HSTS enabled, we should set its wgCanonicalServer to HTTPS, so that Bing will update the links to HTTPS.

[1] https://www.bing.com/search?q=site%3aru.wikipedia.org

In T91352#1103471, @Eloquence wrote:

A Russian Wikipedia community member implemented a JavaScript redirect to send Russian Wikipedia traffic to HTTPS in August 2014, so most Russian Wikipedia traffic has been going over HTTPS since last year. A similar hack was in place in Russian Wikinews. The resulting configuration was vulnerable to man-in-the-middle attacks, as it depended on users first loading the insecure version. It also caused a major performance hit for users due to the double-loading. In consultation with Russian Wikimedia community members, consistent with our long term HTTPS rollout objectives, and consistent with the pre-existing request to participate in the HTTPS beta, we superseded the hack with a server-side redirect and HSTS as a secure and consistent default configuration for all Russian language projects.

Details

SubjectRepoBranchLines +/-
Point rel=canonical to HTTPS for all ru projectsoperations/mediawiki-configmaster+8 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Chmarkine created this task.Feb 24 2015, 4:22 AM
Chmarkine claimed this task.
Chmarkine raised the priority of this task from to Needs Triage.
Chmarkine updated the task description. (Show Details)
Chmarkine added projects: HTTPS, HTTPS-by-default.
Chmarkine subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 24 2015, 4:22 AM
Chmarkine added a comment.Feb 24 2015, 5:02 AM

https://gerrit.wikimedia.org/r/192502/

Chmarkine added a parent task: T53002: Point rel=canonical to HTTPS on every page.Feb 24 2015, 5:08 AM
Aklapper added a project: acl*sre-team.Feb 24 2015, 9:33 AM
Aklapper set Security to None.
JanZerebecki subscribed.Feb 24 2015, 4:55 PM
Chmarkine renamed this task from Point rel=canonical to HTTPS for Russian Wikipedia (ruwiki) to Point rel=canonical to HTTPS for all Russian Wikimedia projects.Feb 24 2015, 7:23 PM
Chmarkine updated the task description. (Show Details)
gerritbot subscribed.Feb 24 2015, 7:36 PM

Change 192502 had a related patch set uploaded (by Chmarkine):
Point rel=canonical to HTTPS for all ru projects All Russian Wikimedia projects are HTTPS only, so change the canonical links to have search engines update their indexes.

https://gerrit.wikimedia.org/r/192502

Patch-For-Review

Aklapper added a project: Patch-For-Review.Feb 25 2015, 9:20 AM
Nemo_bis subscribed.Feb 25 2015, 10:05 AM

Since Russian Wikimedia projects are HTTPS only and have HSTS enabled

Can you mention the commit which made them so, please?

JanZerebecki added a subscriber: BBlack.Feb 25 2015, 3:03 PM
gerritbot added a comment.Feb 25 2015, 4:04 PM

Change 192502 merged by jenkins-bot:
Point rel=canonical to HTTPS for all ru projects

https://gerrit.wikimedia.org/r/192502

Chmarkine added a comment.Feb 25 2015, 4:36 PM
In T90527#1065142, @Nemo_bis wrote:

Since Russian Wikimedia projects are HTTPS only and have HSTS enabled

Can you mention the commit which made them so, please?

Sorry, I don't know! @JanZerebecki told me to update the canonical links for all Russian projects. I also checked the response headers, and indeed they were HTTPS only.

Chmarkine closed this task as Resolved.Feb 25 2015, 4:37 PM
Elitre subscribed.Feb 25 2015, 10:26 PM
Aklapper mentioned this in T91044: Create an unsecure server for WMF wikis.Feb 27 2015, 10:51 AM
Jdforrester-WMF removed a project: Patch-For-Review.Mar 3 2015, 5:27 PM
Nemo_bis mentioned this in rOMWC471b5985e11d: Point rel=canonical to HTTPS for all ru projects.Mar 3 2015, 9:01 PM
Nemo_bis added a parent task: T91352: Russian projects force HTTPS regardless of preferences.Mar 4 2015, 10:54 AM
Nemo_bis added a parent task: T91044: Create an unsecure server for WMF wikis.
Nemo_bis added a comment.Mar 4 2015, 10:56 AM

Ok, as there doesn't seem to be a ticket about HSTS I'm using this one instead.

Nemo_bis added a parent task: T40516: Enable HSTS on Wikimedia sites.Mar 5 2015, 4:05 PM
Nemo_bis renamed this task from Point rel=canonical to HTTPS for all Russian Wikimedia projects to Enable HSTS and point rel=canonical to HTTPS for all Russian Wikimedia projects.Mar 11 2015, 11:19 AM
Nemo_bis updated the task description. (Show Details)
Nemo_bis added a subscriber: Eloquence.
putnik subscribed.Mar 11 2015, 12:29 PM
Rubin16 subscribed.Mar 11 2015, 12:56 PM
Ricordisamoa subscribed.Mar 14 2015, 2:21 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits