I have received some informal complaints that indicate that the login page at the shop, is not secure. This should probably redirect to HTTPS.
Description
Description
Related Objects
Related Objects
- Mentioned Here
- T128559: Enable HSTS on store.wikimedia.org for HTTPS
Event Timeline
Comment Actions
Hi @K4-713, @vshchepakina and @violetto
I have tried to track login action, it submits user name and password to https://wikimedia.myshopify.com/account/login and then redirects me to store.wikimedia.org/account without https.
When I manually access https://store.wikimedia.org/account, it redirects me to login page. That means, the cookies generated by last login action has no effect... I have not idea about this...
I also tried to force login action to submit my username and password to https://store.wikimedia.org/account/login, I am also redirected to store.wikimedia.org/account. This time, however, when I manually access https://store.wikimedia.org/account I can stay on my account page and retrieve my information, the cookies work!
So my thought is
- Change the login action from https://wikimedia.myshopify.com/account/login to https://store.wikimedia.org/account/login, to get cookies work for https.
- Then we can add a setting to redirect users to a page with https.
However, I didn't find the a place to set up the login action in theme files.
Any suggestions please?
Comment Actions
@K4-713 @vshchepakina
I have updated login page liquid and added a JS snippet to force all access to be redirected to https.
However, this is not the best solution, it may affect SEO of the website.
Please figure out a way to achieve this request on the server side.
Comment Actions
@HuiZSF: I am resetting the assignee of this task because there have not been any updates for the last two years. Resetting the assignee avoids the impression that somebody is working on this task. Please claim this task again if/when you plan to work on it (via Add Action... → Assign / Claim in the dropdown menu). Thanks!