https://bugzilla.wikimedia.org/show_bug.cgi?id=71716
Bug ID: 71716
Summary: If coming from a non-secure website to a secured
login, if force ssl is not enabled, it should return
to the non-secure website.
Product: MediaWiki
Version: 1.23.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Unprioritized
Component: User login and signup
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Web browser: ---
Mobile Platform: ---
So looks like there's a bug if a mediawiki site has https enabled but doesn't
want https anywhere other than login. So if the client comes via non-secure and
goes to login with a secured wiki, then proceeds to login (and hasn't chosen to
force SSL), the site continues to be in SSL.
Expected behavior: If a client logs in from non-ssl and the wiki has SSL
enabled, and the client has not set "force ssl", the client should return to
the non-secure wiki.
This patch should fix that behavior since the 'fromhttp' parameter wasn't being
sent back to the post page properly:
https://gerrit.wikimedia.org/r/#/c/164882/
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
