As brought to my attention by Max, through a post on his talk page:
https://meta.wikimedia.org/wiki/User_talk:MZMcBride#HTTPS_switch
== The problem ==
Basically, some user defined JS out there has "http://" hard coded, and
when you request insecure (non-https) resources during a secure session
you get errors in many modern browsers.
This is a heads up that this user created code might need some special
attention before and after the switch over.
== How to fix ==
The best option is to use "protocol relative" urls, these are urls that
start with "//someurl" instead of "http://" or "https://" or "gopher://"
etc.
Here's a blog post about when we started using protocol relative urls in
MediaWiki and at WMF:
https://blog.wikimedia.org/2011/07/19/protocol-relative-urls-enabled-on-tes…
I've put up basic instructions on the HTTPS page on metawiki:
https://meta.wikimedia.org/wiki/HTTPS#Help.21_My_code_is_broken.21
Thanks for getting this out to the appropriate channels!
Greg
cc'ing Wikibots-l(a)lists.wikimedia.org because there might be some
overlap of affected people on that list.
--
| Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |
This has implications for bot owners (all users, including bot users,
will be forced to HTTPS instead of HTTP when logged in).
Please review your code to make sure it won't break on Wednesday :)
Greg
----- Forwarded message from Greg Grossmeier <greg(a)wikimedia.org> -----
> Date: Mon, 19 Aug 2013 17:00:09 -0700
> From: Greg Grossmeier <greg(a)wikimedia.org>
> To: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>, Wikitech Ambassadors
> <wikitech-ambassadors(a)lists.wikimedia.org>
> Subject: HTTPS for logged in users on Wednesday August 21st
>
> Hello all,
>
> As we outlined in our blog post on the future of HTTPS at the Wikimedia
> Foundation[0], the plan is to enable HTTPS by default for logged in
> users on August 21st, this Wednesday.
>
> We are still on target for that rollout date.
>
> As this can have severe consequences for users where HTTPS is blocked by
> governments/network operators *in addition to* users who connect to
> Wikimedia sites via high latency connections, we've set up a page on
> MetaWiki[1] describing what is going on and what it means for users and
> what they can do to report problems.
>
> Please help watch out for any unintended consequences on August 21st and
> report any negative issues to us as soon as you can. Bugzilla[2], IRC
> (#wikimedia-operations), or the (forthcoming) OTRS email are all fine.
> Also, feel free to email myself or ping me directly on IRC.
>
> Best,
>
> Greg
>
> [0] https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/
> [1] https://meta.wikimedia.org/wiki/HTTPS
> [2] https://bugzilla.wikimedia.org
>
> --
> | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E |
> | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |
----- End forwarded message -----
--
| Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |