[Bug 55860] New: Special:BannerRandom attempts to load insecure content for mobile domains on HTTPS

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=55860

       Web browser: ---
            Bug ID: 55860
           Summary: Special:BannerRandom attempts to load insecure content
                    for mobile domains on HTTPS
           Product: MediaWiki extensions
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: CentralNotice
          Assignee: wikibugs-l@lists.wikimedia.org
          Reporter: aricha...@wikimedia.org
                CC: fr-t...@wikimedia.org, s...@ludd.net
    Classification: Unclassified
   Mobile Platform: ---

To replicate, go to https://m.mediawiki.org - with console open, you should see
an error like:

[blocked] The page at https://m.mediawiki.org/wiki/MediaWiki ran insecure
content from
http://meta.m.wikimedia.org/wiki/Special:BannerRandom?uselang=en&sitename=M…roject=wikimedia&anonymous=false&bucket=1&country=US&device=android&slot=6.

I presume this makes it impossible to run CN banners on mobile devices for
logged in users.

I chatted briefly with Matt Walker about this and it sounds like this is the
result of how infrastructure is currently architected, though there may be an
easy solution of forcing mobile URLs in CentralNotice using
MobileContext::getMobileUrl() from MobileFrontend.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l