Manual:$wgForceHTTPS/pt-br
| URLs de servidor e caminhos de arquivo: $wgForceHTTPS | |
|---|---|
| Redirect insecure HTTP requests to HTTPS. |
|
| Introduzido na versão: | 1.34.3 (Gerrit change 608504; git #c75eef91) |
| Removido na versão: | ainda em uso |
| Valores permitidos: | (boolean) |
| Valor padrão: | false (gerrit:608504, gerrit:612497, gerrit:615840) |
| Outras definições: Alfabético | Por função | |
Details
If this setting is true, when an insecure HTTP request is received, always redirect to HTTPS. This overrides and disables the preferhttps user preference, and it overrides $wgSecureLogin and the CanIPUseHTTPS hook.
$wgServer may be either https or protocol-relative. If $wgServer starts with "http://", an exception will be thrown.
If a reverse proxy or CDN is used to forward requests from HTTPS to HTTP, the request header "X-Forwarded-Proto: https" should be sent to suppress the redirect.
In addition to setting this to true, for optimal security, the webserver should also be configured to send HTTP Strict Transport Security (HSTS) response headers.
Quando $wgForceHTTPS está ajustado para false, a preferência HTTP/HTTPS é rastreada por usuário, através de uma combinação de:
- a preferência de usuário
prefershttps - o cookie
forceHTTPSe os metadados da sessão (disponível viaSession::shouldForceHTTPS())- eventuais Hooks PHP alterando metadados da sessão (Manual:Hooks/SessionMetadata)
- o método PHP
Session::setForceHTTPS()
Availability
This variable was added in MediaWiki 1.35.0 (gerrit:608504). It was backported to 1.34 as part of the MediaWiki 1.34.3 release (gerrit:612497) as well as to 1.31 as part of the MediaWiki 1.31.9 release (gerrit:615840).