[Bug 20251] strategywiki, usabilitywiki domains not in auto-login list for SUL
https://bugzilla.wikimedia.org/show_bug.cgi?id=20251 Alexandre Emsenhuber [IAlex] changed: What|Removed |Added Blocks||21766 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 20251] strategywiki, usabilitywiki domains not in auto-login list for SUL
https://bugzilla.wikimedia.org/show_bug.cgi?id=20251 --- Comment #8 from Roan Kattouw 2009-08-23 10:51:44 UTC --- (In reply to comment #6) > Correcting summary. They can be added to the explicit autologin list, but I > don't really want like 20 rarely-used specialty wikis slowing down every > user's > logins. The cross-domain cookies are just extra sugar, anyway for now... > There's not that many non-private *.wikimedia.org wikis, only like 7 or so. That'd still double the number of images, of course. > Roan, I'm not sure I understand what bug 20298 actually accomplishes. My > impression is that it basically would allow the same thing that the > -to-set-a-cookie already does, but you could do it by XHR instead of an > (only supporting browsers) and it might or might not override users' > settings on cross-domain cookie setting. > > As I understand, it would still require a hit per site to set the cookies, and > wouldn't get past our need to limit access to only certain *.wikimedia.org > subdomains. > You're right, I misunderstood what it did. For some reason, undoubtedly influenced by wishful thinking, I was under the impression that it'd allow cookies to go cross-domain (e.g. from *.wikipedia.org to usability.wikimedia.org ) if both domains allowed it. This isn't possible (yet?). Another possible solution using cross-domain AJAX the way it actually works would be to have wikis that aren't on the *.wikipedia.org domain to grab http://en.wikipedia.org/w/api.php?action=query&meta=userinfo , which is passed the user's *.wikipedia.org cookie (because of the Access-Control-Allow-Credentials: true header) and returns whether and as whom the user is logged in at enwiki. There may be some security implications here, so it may be desirable to introduce a new API module for this, but the basic idea sounds like it could work. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 20251] strategywiki, usabilitywiki domains not in auto-login list for SUL
https://bugzilla.wikimedia.org/show_bug.cgi?id=20251 --- Comment #7 from liangent 2009-08-22 04:48:40 UTC --- we are running a centralnotice pointing to strategywiki. it is bad not to log in automatically. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 20251] strategywiki, usabilitywiki domains not in auto-login list for SUL
https://bugzilla.wikimedia.org/show_bug.cgi?id=20251 Brion Vibber changed: What|Removed |Added CC||br...@wikimedia.org Summary|SUL broken on strategywiki, |strategywiki, usabilitywiki |usabilitywiki |domains not in auto-login ||list for SUL --- Comment #6 from Brion Vibber 2009-08-21 00:49:13 UTC --- Correcting summary. They can be added to the explicit autologin list, but I don't really want like 20 rarely-used specialty wikis slowing down every user's logins. The cross-domain cookies are just extra sugar, anyway for now... Roan, I'm not sure I understand what bug 20298 actually accomplishes. My impression is that it basically would allow the same thing that the -to-set-a-cookie already does, but you could do it by XHR instead of an (only supporting browsers) and it might or might not override users' settings on cross-domain cookie setting. As I understand, it would still require a hit per site to set the cookies, and wouldn't get past our need to limit access to only certain *.wikimedia.org subdomains. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
