https://bugzilla.wikimedia.org/show_bug.cgi?id=40541
Web browser: ---
Bug #: 40541
Summary: $wgSecureLogin does not redirect to http if
wpStickHTTPS is unchecked
Product: MediaWiki
Version: 1.20-git
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: User login
AssignedTo: wikibugs-l@lists.wikimedia.org
ReportedBy: cste...@wikimedia.org
Classification: Unclassified
Mobile Platform: ---
When using $wgSecureLogin, if a user leaves wpStickHTTPS unchecked, they are
stil redirected to an https page after login.
I think it's because getFullURL returns a protocol relative url by default now,
so preg_replace( '/^https:/', 'http:', $redirectUrl ) has no effect.
(NB: fixing this seems to prevent a user from logging in without wpStickHTTPS
checked, because their session cookies are set with the secure attribute, but
they are immediately redirected to an insecure page, so their session cookie no
longer exists in the request.)
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
