https://bugzilla.wikimedia.org/show_bug.cgi?id=57635
Web browser: ---
Bug ID: 57635
Summary: Make $wgPersonaLoginAnywhere work with $wgSecureLogin
Product: MediaWiki extensions
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: Unprioritized
Component: Persona
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
$wgPersonaLoginAnywhere turns on having the Persona login button on every page
in the Personal URLs section, rather than just having a button on the login
page.
However, when $wgSecureLogin is enabled, all logins must be over HTTPS. Right
now this is handled poorly: if the user is on HTTP and clicks the Persona login
button, they go through the whole login process just to get an API error.
Unfortunately, there's really no way to make it work completely, but there are
a couple of options:
1) Throw a configuration error if a sysadmin tries to have $wgSecureLogin
turned on, $wgPersonaLoginAnywhere turned on, and $wgServer with non-HTTPS as
the scheme
2) Automatically redirect all users to HTTPS (probably the less friendly
option)
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
