https://bugzilla.wikimedia.org/show_bug.cgi?id=54512
--- Comment #5 from Chris Steipp <[email protected]> --- I tried to hack on it for a couple hours while reviewing it, and it's a difficult issue. But let me add what I know. * Since it was mentioned above, 307 redirects don't seem to work in FF or Chrome for this, otherwise I'd be happy to do that in core. * The issue seems to be that when the consumer does the XRDS querries, the provider gives back http:// urls, even with wgSecureLogin enabled. When it's hacked to only return https:// something else in the Auth library is failing. When I return both, it will POST to the https url, but later it gives throws an exception about a missmatch in the urls. But that's about as far as I was able to get. So it may be a fix inside of the library, or it might be a fix for the return of Special:OpenIDXRDS. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
