https://bugzilla.wikimedia.org/show_bug.cgi?id=47292
Web browser: --- Bug ID: 47292 Summary: ResourceLoader creates absolute URLs to load.php Product: MediaWiki Version: 1.20.2 Hardware: All OS: All Status: NEW Severity: normal Priority: Unprioritized Component: ResourceLoader Assignee: wikibugs-l@lists.wikimedia.org Reporter: bluecu...@gmail.com CC: krinklem...@gmail.com, roan.katt...@gmail.com, tpars...@wikimedia.org Classification: Unclassified Mobile Platform: --- The last line of ResourceLoader::makeLoaderURL() contains a call to wfAppendQuery() wrapped in a call to wfExpandUrl(). The effect is to create a URL to load.php that contains descriptions of resources -- which it does: a fully-qualified URL with the protocol. In most cases this works fine, but the protocol observed by the server is not guaranteed to be the same as the protocol submitted by the client because of various things like load-balancers, proxies, etc. In our enterprise environment, SSL is terminated at the load-balancer. However, for Special:UserLogin we force HTTPS (to avoid security implications with clear-text passwords.) When Special:UserLogin loads, the HTML response is loaded over HTTPS, but it contains HTTP links to load.php -- which fail on some browsers which do not load mixed-protocol content. ( Chrome :/ ) Arguably this is a bug with wfExpandURL() and not the ResourceLoader, but this is where it manifested itself first. The solution which would preserve current behavior while enabling desirable behavior is a simple configuration variable: $wgForceRelativeUrls. When set to true, wfExpandURL() would just return its first parameter (the relative url.) Possible duplicate of Bug 29969 -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l