https://bugzilla.wikimedia.org/show_bug.cgi?id=40541
Chris Steipp <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #7 from Chris Steipp <[email protected]> 2012-09-29 15:37:44 UTC --- Roan pointed out that gerrit 25530 results in an infinite redirect if $wgServer includes an http:// protocol. This is because when $wgServer includes the protocol, it's assumed by the code that this means that there is no ssl available, so an http:// url is returned from wfExpandUrl(), even when PROTO_HTTPS is given. I added an ugly hack to wfExpandUrl in gerrit 25721 to ignore this assumption if the site owner has enabled $wgSecureLogin. However, I think it would be best to back up and actually define a couple of things: 1) What does it mean if $wgServer starts with http://? Is it that there is no ssl available / intended, and MediaWiki should never generate an https link? Or should we assume that it's a default configuration, and we can override it if other settings like $wgSecureLogin are set? 2) If $wgServer starting with http:// means that the site should not use tls, but a site also includes $wgSecureLogin set to true, what *should* this mean to mediawiki? Should it be treated as an error? Or should one of the settings be overridden? My preference for #2 is that we assume that the most secure preference is desired. I wouldn't even mind changing the protocol of $wgServer to be relative if $wgSecureLogin is true in Setup.php. But again, I'm not sure all of the places where assumptions are made about #1 in the code, and in our user base. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
