[QA] no HTTPS on beta labs
S Page
spage at wikimedia.org
Tue Jul 22 21:25:20 UTC 2014
On Tue, Jul 22, 2014 at 10:31 AM, Chris McMahon <cmcmahon at wikimedia.org>
wrote:
>
>> I'm not sure if this was deliberate or not, or even if it should be
> changed, I haven't tried using HTTPS on beta in a really long time.
>
Chris filed https://bugzilla.wikimedia.org/68387
I must have accepted the certificate, because as I remark in the bug, I had
forceHTTPS cookie set for beta labs (so I would automatically redirect to
the https URL for pages when logged in). It worked until maybe 2-3 weeks
ago, then I had to clear cookies to use beta labs.
https was very useful when testing login and create account forms. I don't
need it now. Firefox console warns "Password fields present in a form with
an insecure (http://) form action. This is a security risk that allows user
login credentials to be stolen." Which is true, and someone could steal the
Selenium_user password.
--
=S Page Features engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/qa/attachments/20140722/3aecc93f/attachment.html>
More information about the QA
mailing list