On Tue, Aug 20, 2013 at 10:58 AM, Tyler Romeo <tylerro...@gmail.com> wrote:
> To clarify, the default value for this HTTPS option is false, meaning you > have to explicitly turn it on in order to force HTTPS. In other words, the > only functional change being made by this deployment is that *login* on > certain projects will be over HTTPS. So for those who do not have HTTPS, > they will have to log in through a project that does not have secure login > enabled. And once they do log in, they should be fine thereafter. > > *-- * > Thanks Tyler, For clarification purposes I'm putting my understanding of this below, if you or someone else thinks what I'm saying is wrong please correct :): * The 'force https' preference is an option that is, by default, turned off. * However, for most wikis (not all), force https login is turned on. * Because forced https login is turned on the 'default' for those people will be to move from an https login to an https page because our normal workflow is to always keep you on https if you are already on https (if you are on page X, like a login page, in https then the next page X2 is also in https). * However, if you drop yourself down to http (for example just load the page in http by dropping the s from the address bar and pressing enter) you will not be forced back to https by default for the same reason (our normal workflow) assuming that you have not turned on the https preference. * If you login from an http (non secure) login page such as zhWiki or faWiki you will be able to remain logged in while going to a non secure wiki page (http://en.wikipedia.org ) and not be forced to https (unless you selected that in your preference). On a side note: I assume the preference is wiki based rather then global? James James Alexander Legal and Community Advocacy Wikimedia Foundation (415) 839-6885 x6716 @jamesofur _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
