Change Details

Since Russian Wikimedia projects are HTTPS only and have HSTS enabled, we should set its wgCanonicalServer to HTTPS, so that Bing will update the links to HTTPS. [1] https://www.bing.com/search?q=site%3aru.wikipedia.org

Since Russian Wikimedia projects are HTTPS only and have HSTS enabled, we should set its wgCanonicalServer to HTTPS, so that Bing will update the links to HTTPS. [1] https://www.bing.com/search?q=site%3aru.wikipedia.org >>! In T91352#1103471, @Eloquence wrote: > A Russian Wikipedia community member implemented a JavaScript redirect to send Russian Wikipedia traffic to HTTPS in August 2014, so most Russian Wikipedia traffic has been going over HTTPS since last year. A similar hack was in place in Russian Wikinews. The resulting configuration was vulnerable to man-in-the-middle attacks, as it depended on users first loading the insecure version. It also caused a major performance hit for users due to the double-loading. In consultation with Russian Wikimedia community members, consistent with our long term HTTPS rollout objectives, and consistent with the pre-existing request to participate in the HTTPS beta, we superseded the hack with a server-side redirect and HSTS as a secure and consistent default configuration for all Russian language projects.

Since Russian Wikimedia projects are HTTPS only and have HSTS enabled, we should set its wgCanonicalServer to HTTPS, so that Bing will update the links to HTTPS. [1] https://www.bing.com/search?q=site%3aru.wikipedia.org >>! In T91352#1103471, @Eloquence wrote: > A Russian Wikipedia community member implemented a JavaScript redirect to send Russian Wikipedia traffic to HTTPS in August 2014, so most Russian Wikipedia traffic has been going over HTTPS since last year. A similar hack was in place in Russian Wikinews. The resulting configuration was vulnerable to man-in-the-middle attacks, as it depended on users first loading the insecure version. It also caused a major performance hit for users due to the double-loading. In consultation with Russian Wikimedia community members, consistent with our long term HTTPS rollout objectives, and consistent with the pre-existing request to participate in the HTTPS beta, we superseded the hack with a server-side redirect and HSTS as a secure and consistent default configuration for all Russian language projects.