Last modified: 2013-04-10 02:27:51 UTC
I'm using the new login process (useAgora in query string). I have HTTPS Everywhere enabled in FF 19.0.2. I suspect that HTTPS Everywhere may also be buggy on this browser because I see some other unrelated sites that should have HTTPS in the URL don't have it. When I copy the "http:" link for the toro server into the FF location bar, the http disappears and I'm left with something that looks like: http://toro.wmflabs.org/wiki/Special:UserLogin?useAgora=1 I also see a "use secure server" link, which looks like it's dead: "Firefox can't establish a connection to the server at toro.wmflabs.org." As a user, I would wonder why https:// isn't in the location bar and why I have to click another link to use a secure server. Again, this may be an issue with HTTPS Everywhere.
HTTPS Everywhere doesn't have a rule for that domain, so it can't be HTTPS Everywhere's fault. I don't think Toro supports HTTPS - even if it did I don't think it could have a valid certificate.
This is a legitimate bug, though it is in fact unrelated to HTTPS Everywhere. It should not be showing the "use secure server" link unless/until HTTPS is supported. I need to determine if this is a problem with toro's config or the code proper. HTTPS not being used automatically is not a bug. MediaWiki lets wikis be conservative about SSL usage, even if SSL is supported. For instance, WMF has such settings. This is to avoid overwhelming the SSL servers.
*** Bug 46967 has been marked as a duplicate of this bug. ***
The new login form only shows the secure login link if it thinks the wiki server can do HTTPS (and you're not already on HTTPS), so a while ago I intentionally mis-set toro's server configuration to show the link despite it not supporting https. Matthew Flaschen just fixed toro's config. Thanks for testing!