Page MenuHomePhabricator
Create Task
Maniphest T33320

CentralAuth doesn't care about https
Closed, ResolvedPublic
Actions

Description

Hi,

I think I've found a major issue in how CentralAuth handles https : when logging in with global login enabled, Special:UserLogin loads remote images from http://wikiwhatever/Special:AutoLogin?token=secrettoken (one image per project), while it should load them from http*s*://sameurl (when browsing using https, of course).

What happens is that cookies are sent unencrypted =/

I guess images should use protocol relative URLs as well.

Best regards,

Arkanosis@frwiki

Version: unspecified
Severity: major

Details

Reference
bz31320

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 21 2014, 11:53 PM
bzimport added a project: MediaWiki-extensions-CentralAuth.
bzimport set Reference to bz31320.
bzimport added a subscriber: Unknown Object (MLST).
Arkanosis created this task.Oct 3 2011, 8:58 AM
TheDJ added a comment.Oct 3 2011, 9:04 AM

It's due to the switch between secure services. This issue is known, and will be handled today I've been told.

Arkanosis added a comment.Oct 3 2011, 9:15 AM

Fine, thanks :)

Catrope added a comment.Oct 3 2011, 10:54 AM

Fixed in r98745, deployed just now and working for me.

Arkanosis added a comment.Oct 3 2011, 11:56 AM

Works for me too. Thanks a lot!

MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.May 5 2015, 6:04 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL