https://bugzilla.wikimedia.org/show_bug.cgi?id=40541
Web browser: --- Bug #: 40541 Summary: $wgSecureLogin does not redirect to http if wpStickHTTPS is unchecked Product: MediaWiki Version: 1.20-git Platform: All OS/Version: All Status: NEW Severity: normal Priority: Unprioritized Component: User login AssignedTo: wikibugs-l@lists.wikimedia.org ReportedBy: cste...@wikimedia.org Classification: Unclassified Mobile Platform: --- When using $wgSecureLogin, if a user leaves wpStickHTTPS unchecked, they are stil redirected to an https page after login. I think it's because getFullURL returns a protocol relative url by default now, so preg_replace( '/^https:/', 'http:', $redirectUrl ) has no effect. (NB: fixing this seems to prevent a user from logging in without wpStickHTTPS checked, because their session cookies are set with the secure attribute, but they are immediately redirected to an insecure page, so their session cookie no longer exists in the request.) -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l