https://bugzilla.wikimedia.org/show_bug.cgi?id=47292

       Web browser: ---
            Bug ID: 47292
           Summary: ResourceLoader creates absolute URLs to load.php
           Product: MediaWiki
           Version: 1.20.2
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: ResourceLoader
          Assignee: wikibugs-l@lists.wikimedia.org
          Reporter: bluecu...@gmail.com
                CC: krinklem...@gmail.com, roan.katt...@gmail.com,
                    tpars...@wikimedia.org
    Classification: Unclassified
   Mobile Platform: ---

The last line of ResourceLoader::makeLoaderURL() contains a call to
wfAppendQuery() wrapped in a call to wfExpandUrl(). The effect is to create a
URL to load.php that contains descriptions of resources -- which it does: a
fully-qualified URL with the protocol. In most cases this works fine, but the
protocol observed by the server is not guaranteed to be the same as the
protocol submitted by the client because of various things like load-balancers,
proxies, etc.

In our enterprise environment, SSL is terminated at the load-balancer. However,
for Special:UserLogin we force HTTPS (to avoid security implications with
clear-text passwords). When Special:UserLogin loads, the HTML response is
loaded over HTTPS, but it contains HTTP links to load.php -- which fail on some
browsers which do not load mixed-protocol content. ( Chrome :/ )

Arguably this is a bug with wfExpandUrl() and not the ResourceLoader, but this
is where it manifested itself first. The solution which would preserve current
behavior while enabling desirable behavior is a simple configuration variable:
$wgForceRelativeUrls. When set to true, wfExpandUrl() would just return its
first parameter (the relative URL).

Possible duplicate of Bug 29969
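
The failure mode in this report, as an added example that is not part of the original report and not MediaWiki code: a simplified model of URL expansion behind a TLS-terminating load balancer, plus a check that flags http:// subresources on an https:// page. The function names, host name and load.php path are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches as a subresource.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

def expand_url(path, observed_proto, host, force_relative=False):
    """Hypothetical stand-in for server-side URL expansion (not MediaWiki code).

    observed_proto is the scheme the backend sees; behind a TLS-terminating
    load balancer that is "http" even when the client used HTTPS.
    force_relative models the $wgForceRelativeUrls switch the report proposes.
    """
    return path if force_relative else f"{observed_proto}://{host}{path}"

class SubresourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <link> only triggers a fetch here when it is a stylesheet.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        url = a.get(FETCH_ATTRS.get(tag, ""))
        if url:
            self.urls.append(url)

def mixed_content(page_url, html):
    """Return subresource URLs that resolve to http:// on an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return []
    collector = SubresourceCollector()
    collector.feed(html)
    resolved = [urljoin(page_url, u) for u in collector.urls]
    return [u for u in resolved if urlsplit(u).scheme == "http"]

def render_login_page(force_relative):
    # Constructed sample: host and path are placeholders; backend sees "http".
    src = expand_url("/w/load.php?modules=startup", "http",
                     "wiki.example.org", force_relative)
    return f'<html><head><script src="{src}"></script></head></html>'

PAGE = "https://wiki.example.org/wiki/Special:UserLogin"  # constructed URL

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, mixed_content(PAGE, render_login_page(flag)))
```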
