[Bug 31320] New: CentralAuth doesn't care about https

bugzilla-daemon Mon, 03 Oct 2011 01:58:42 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=31320


       Web browser: ---
             Bug #: 31320
           Summary: CentralAuth doesn't care about https
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: Unprioritized
         Component: CentralAuth
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected], [email protected]
    Classification: Unclassified


Hi,

I think I've found a major issue in how CentralAuth handles https : when
logging in with global login enabled, Special:UserLogin loads remote images
from http://wikiwhatever/Special:AutoLogin?token=secrettoken (one image per
project), while it should load them from http*s*://sameurl (when browsing using
https, of course).

What happens is that cookies are sent unencrypted =/

I guess images should use protocol relative URLs as well.

Best regards,

-- 
Arkanosis@frwiki

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 31320] New: CentralAuth doesn't care about https

Reply via email to