https://bugzilla.wikimedia.org/show_bug.cgi?id=39380
--- Comment #39 from Tyler Romeo <[email protected]> --- (In reply to comment #38) > (In reply to comment #24) > > So basically here is what needs to be fixed with $wgSecureLogin: > > * Actual functionality is fixed > > > * Links on the HTTPS login page should be set to the protocol of where the > > user is coming from (I forget where, but there is a bug filed for this). > > > * HTTP cookie is set so user will be auto-redirected to HTTPS when logged in > > there. > This could be done by simply enabling Strict transport security. I did this in Extension:SecureSessions. However, I should note that the third problem has already been fixed with the forceHTTPS cookie and the second problem can't be solved with STS. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
