Now the HTTP login page redirects to the HTTPS version, but for some reason creating an account is exempt.
Is there any reason to allow the login details to be sent in cleartext even once?
What I expect: [1] should redirect to [2]
Version: wmf-deployment
Severity: normal