Last modified: 2013-10-02 19:27:30 UTC
Now the HTTP login page redirects to the HTTPS version, but for some reason creating an account is exempt. Is there any reason to allow the login details to be sent in cleartext even once? What I expect: [1] should redirect to [2] [1] http://en.wiktionary.org/w/index.php?title=Special:UserLogin&returnto=Wiktionary%3AMain+Page&type=signup [2] https://en.wiktionary.org/w/index.php?title=Special:UserLogin&returnto=Wiktionary%3AMain+Page&type=signup
Not only for Wiktionary, there are lots of signup pages which should redirect to https. For instance, http://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page should redirect to https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page But currently it doesn't redirect.
(In reply to comment #1) Sorry, I meant: http://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page&type=signup and https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page&type=signup (In the original post, the link points to the login page rather than the signup page.)
Confirmed on enwiki. Re-prioritizing.
I have vague memories of doing that for a reason, but I can't seem to find it right now. Git blame points to Tyler for the $this->mType !== 'signup' in the code. Tyler, do you remember why signup was excluded there?
I can't seem to recall why I put that condition there. I don't think there was a reason. The commit this condition was added on was way back in 565014a8, when I originally fixed $wgSecureLogin functionality (because before that the feature was completely broken and didn't work). It should be safe to just take that out of the if() statement.
csteipp: Any news here, after Tyler's reply?
Woops https://gerrit.wikimedia.org/r/86314 Merged