https://bugzilla.wikimedia.org/show_bug.cgi?id=40968
--- Comment #5 from Krinkle <[email protected]> 2012-10-12 09:34:06 UTC --- Lets translate it to non-ajax: When enabling $wgSecureLogin the login link outputted by the server points to https, so the login procedure goes entirely over https. The login form and login page are not transferred over http and then submitted to https. No, instead the links pointing to the login page are influenced by wgSecureLogin. The form itself is neutral, and will naturally submit over https as the page it is submitted from is also on https. In general it seems like a fragile approach to try and submit things over https when in an http environment. Any other module that doesn't allow hardcoding of the protocol will still submit over http. Instead (like the non-ajax implementation) one should ensure that this script will execute in an https environment to begin with. There are lots of ways to accomplish that. Anyway, if you must, it is totally possible as-is. Also, I believe the below method is superior to implementing an "https" option, as that would imply that it always goes over https, whereas the below is explicit in what it does, expects and intends: * Export your toggle (e.g. wgSecureLogin) to js * Get mw.util.wikiScript( 'api' ) * If toggle is true, and api-path is https:// or //, proceed (convert // to https:// if needed). If not, abort and continue with error state (this means the wiki is misconfigured and will be consistently reproducible) * Instantiate your api interface: var api = new mw.Api({ ajax: { url: myApiPath } }); Rest follows as expected. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
