Last modified: 2013-04-10 02:27:51 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T48962, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 46962 - HTTPS link is shown on toro new login form but HTTPS is not supported
HTTPS link is shown on toro new login form but HTTPS is not supported
Status: RESOLVED FIXED
Product: Wikimedia Labs
Classification: Unclassified
Other (Other open bugs)
unspecified
All All
: Unprioritized normal
: ---
Assigned To: Matthew Flaschen
:
: 46967 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-04-06 18:13 UTC by testingwithfire
Modified: 2013-04-10 02:27 UTC (History)
8 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description testingwithfire 2013-04-06 18:13:05 UTC 
I'm using the new login process (useAgora in query string).

I have HTTPS Everywhere enabled in FF 19.0.2. I suspect that HTTPS Everywhere may also be buggy on this browser because I see some other unrelated sites that should have HTTPS in the URL don't have it.

When I copy the "http:" link for the toro server into the FF location bar, the http disappears and I'm left with something that looks like:

http://toro.wmflabs.org/wiki/Special:UserLogin?useAgora=1

I also see a "use secure server" link, which looks like it's dead:

"Firefox can't establish a connection to the server at toro.wmflabs.org."

As a user, I would wonder why https:// isn't in the location bar and why I have to click another link to use a secure server. Again, this may be an issue with HTTPS Everywhere.
Comment 1 Alex Monk 2013-04-06 18:22:27 UTC 
HTTPS Everywhere doesn't have a rule for that domain, so it can't be HTTPS Everywhere's fault. I don't think Toro supports HTTPS - even if it did I don't think it could have a valid certificate.
Comment 2 Matthew Flaschen 2013-04-06 18:32:54 UTC 
This is a legitimate bug, though it is in fact unrelated to HTTPS Everywhere.  It should not be showing the "use secure server" link unless/until HTTPS is supported.  I need to determine if this is a problem with toro's config or the code proper.

HTTPS not being used automatically is not a bug.  MediaWiki lets wikis be conservative about SSL usage, even if SSL is supported.  For instance, WMF has such settings.  This is to avoid overwhelming the SSL servers.
Comment 3 Bartosz Dziewoński 2013-04-06 18:45:11 UTC 
*** Bug 46967 has been marked as a duplicate of this bug. ***
Comment 4 spage 2013-04-10 01:34:29 UTC 
The new login form only shows the secure login link if it thinks the wiki server can do HTTPS (and you're not already on HTTPS), so a while ago I intentionally mis-set toro's server configuration to show the link despite it not supporting https. Matthew Flaschen just fixed toro's config.

Thanks for testing!
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links