Roan sent out a new set of HTTPS fixes today, which made us confident
enough to enable protocol-relative URLs and HTTPS on commonswiki and
foundationwiki. We haven't purged the cache yet for these wikis, so
it's very likely some pages will point you back to HTTP. We'll be
purging caches some time soon, but please don't hesitate to try it
now. Please file bug reports or let Roan or I know of any issues you
find.
Note: there is likely a bunch of site CSS, JS, and templates that will
need to be changed to use protocol relative URLs everywhere. HTTPS has
a massive long tail :). If you feel like helping out with that, please
be bold.
Another *important* note: "Log me in globally" is still actually
insecure, even when using HTTPS. It loads the images from each wiki
using HTTP, which is what sets your cookies (which are also, then sent
over HTTP). If you use this option, people can still steal your
cookies; they cannot, however steal your password.
- Ryan