https://bugzilla.wikimedia.org/show_bug.cgi?id=57478
T. Gries <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution|--- |INVALID --- Comment #1 from T. Gries <[email protected]> --- The question is, whether making it protocol-independent is really safe. We are talking about the server-side implementation (MediaWiki as OpenID Server). When the MediaWiki can be accessed via http: _and_ https: in the same way, then the consumer should trust one of them - not both, because the server could deliver different services, depending whether it is accessed via http or https. So I changed my mind and think, that the $wgOpenIDTrustRoot value should _always_ reflect the actual way, a consumer has authenticated. Closing as INVALID. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
