https://bugzilla.wikimedia.org/show_bug.cgi?id=69289
--- Comment #2 from Mitar <[email protected]> --- Then maybe MediaWiki (https://www.mediawiki.org/wiki/MediaWiki) has a wrong $wgCanonicalServer setting. Because if you open http://www.mediawiki.org it redirects to HTTPS. So it seems https://www.mediawiki.org is the canonical URL for the site. Server name could not be influenced by an attacker (if yes, you have an error in your server configuration)? But http host yes. But server name does not contain the protocol anyway, no? You could use $_SERVER["HTTPS"]: https://stackoverflow.com/questions/1175096/how-to-find-out-if-you-are-using-https-without-serverhttps But then you will have to make sure that your forward proxy daemon properly sets this (if you run MediaWiki behind it, what you do at mediawiki.org it seems). -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
