Last modified: 2013-11-27 00:38:42 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T59635, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 57635 - Make $wgPersonaLoginAnywhere work with $wgSecureLogin


Summary:	Make $wgPersonaLoginAnywhere work with $wgSecureLogin

Status:	NEW

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	Persona (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	High enhancement (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-11-27 00:37 UTC by Tyler Romeo
Modified:	2013-11-27 00:38 UTC (History)
CC List:	1 user (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tyler Romeo 2013-11-27 00:37:45 UTC

$wgPersonaLoginAnywhere turns on having the Persona login button on every page in the Personal URLs section, rather than just having a button on the login page.

However, when $wgSecureLogin is enabled, all logins must be over HTTPS. Right now this is handled poorly: if the user is on HTTP and clicks the Persona login button, they go through the whole login process just to get an API error.

Unfortunately, there's really no way to make it work completely, but there are a couple of options:

1) Throw a configuration error if a sysadmin tries to have $wgSecureLogin turned on, $wgPersonaLoginAnywhere turned on, and $wgServer with non-HTTPS as the scheme
2) Automatically redirect all users to HTTPS (probably the less friendly option)

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links