https://bugzilla.wikimedia.org/show_bug.cgi?id=69289
--- Comment #5 from Mitar <[email protected]> --- Hm, maybe we could just require anyone using OAuth to use HTTPS at all times? OAuth should simply be declined without HTTPS? There is really no need for HTTP for APIs. (CPU ought not be an excuse.) (For other installations other could decide on configuration and deal with correctly setting wgCanonicalServer.) -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
