https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
Bug 41022 depends on bug 29898, which changed state.
Bug 29898 Summary: User preference for enforcing HTTPS
https://bugzilla.wikimedia.org/show_bug.cgi?id=29898
What|Removed |Added
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
Bug 41022 depends on bug 29898, which changed state.
Bug 29898 Summary: User preference for enforcing HTTPS
https://bugzilla.wikimedia.org/show_bug.cgi?id=29898
What|Removed |Added
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
Bug 41022 depends on bug 29898, which changed state.
Bug 29898 Summary: User preference for enforcing HTTPS
https://bugzilla.wikimedia.org/show_bug.cgi?id=29898
What|Removed |Added
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
Waldir wal...@email.com changed:
What|Removed |Added
Depends on||27946
--
You are receiving
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
Brion Vibber br...@wikimedia.org changed:
What|Removed |Added
Status|NEW |RESOLVED
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
--- Comment #7 from Chris Steipp cste...@wikimedia.org 2012-10-15 13:53:39
UTC ---
It's not secure to send https cookies over http. So if a user requests https on
mediawiki login, we set the flag to only send the session cookie for page
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
--- Comment #8 from Krenair kren...@gmail.com 2012-10-15 15:40:59 UTC ---
Is this bug WONTFIX/INVALID then?
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
--- Comment #9 from Huji huji.h...@gmail.com 2012-10-15 22:30:36 UTC ---
(In reply to comment #7)
It's not secure to send https cookies over http. So if a user requests https
on
mediawiki login, we set the flag to only send the session
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
MZMcBride b...@mzmcbride.com changed:
What|Removed |Added
CC||b...@mzmcbride.com
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
--- Comment #2 from Huji huji.h...@gmail.com 2012-10-14 18:47:30 UTC ---
Not really. Bug 29898 talks about if a user wants to always use HTTPS for login
(JUST for login), and how to enforce all sessions to be secure. This bug,
however, is about
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
--- Comment #3 from MZMcBride b...@mzmcbride.com 2012-10-14 19:11:35 UTC ---
(In reply to comment #2)
For example, I may use HTTP primarily and even decide to login over HTTP (and
therefore not use the feature 29898 is suggesting); however,
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
--- Comment #4 from Huji huji.h...@gmail.com 2012-10-14 19:41:11 UTC ---
The reverse doesn't work. Log into HTTPS and then visit the site under HTTP.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
--- Comment #5 from MZMcBride b...@mzmcbride.com 2012-10-14 20:25:56 UTC ---
(In reply to comment #4)
The reverse doesn't work. Log into HTTPS and then visit the site under HTTP.
Right. This is a security feature. It prevents users from
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
--- Comment #6 from Huji huji.h...@gmail.com 2012-10-14 23:39:34 UTC ---
I'm not sure if this is against security standards. From bug 29898 comment 2 by
Brion Vibber:
Running all login forms through HTTPS, then after that either keeping you
https://bugzilla.wikimedia.org/show_bug.cgi?id=41022
Huji huji.h...@gmail.com changed:
What|Removed |Added
Depends on||29898
--
Configure
15 matches
Mail list logo