Do not redirect to HTTPS when it's not supported

Most URL generation happens via wfExpandUrl, which honors $wgServer
(or whatever setting it is told to use): if it has an explicit
protcol, that is always used; if it is a protocol-relative URL,
the protocol is selected based on the parameters given to wfExpandUrl.

One exception is MediaWiki::main() which always uses HTTPS if the
relevant cookie or user option is set, even if the wiki does not
support it. That can lead to annoying problems on Vagrant where it
is not unusual to turn HTTPS support on and off: when that happens,
the user can get locked out of the account.

Change-Id: I06982a26cd808f2aaa26753cd3353ed82473d9e0

diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php
index ff469e4..8f93778 100644 (file)
--- a/includes/MediaWiki.php
+++ b/includes/MediaWiki.php
@@ -680,6 +680,8 @@ class MediaWiki {
                // isLoggedIn() will do all sorts of weird stuff.
                if (
                        $request->getProtocol() == 'http' &&
+                       // switch to HTTPS only when supported by the server
+                       preg_match( '#^https://#', wfExpandUrl( $request->getRequestURL(), PROTO_HTTPS ) ) &&
                        (
                                $request->getSession()->shouldForceHTTPS() ||
                                // Check the cookie manually, for paranoia