Manual:$wgForceHTTPS/ru
URL-адреса серверов и пути к файлам: $wgForceHTTPS | |
---|---|
Redirect insecure HTTP requests to HTTPS. |
|
Введено в версии: | 1.34.3 (Gerrit change 608504; git #c75eef91) |
Удалено в версии: | всё ещё используется |
Допустимые значения: | (boolean) |
Значение по умолчанию: | false (gerrit:608504, gerrit:612497, gerrit:615840) |
Другие настройки: По алфавиту | По функциональности |
Details
If this configuration parameter is set to true
when receiving an insecure HTTP request, it will always redirect to HTTPS.
This overrides and disables the preferhttps user preference, and it overrides $wgSecureLogin .
$wgServer may be either https or protocol-relative. If $wgServer starts with "http://", an exception will be thrown.
If a reverse proxy or CDN is used to forward requests from HTTPS to HTTP, the request header "X-Forwarded-Proto: https
" should be sent to suppress the redirect.
In addition to setting this to true
, for optimal security, the webserver should also be configured to send HTTP Strict Transport Security (HSTS) response headers.
When $wgForceHTTPS
is set to false
, HTTP/HTTPS preference is tracked on a per-user basis, by a combination of:
- the
prefershttps
user preference - the cookie
forceHTTPS
and session metadata (available viaSession::shouldForceHTTPS()
)- eventual PHP hooks changing session metadata (Manual:Hooks/SessionMetadata )
- the PHP method
Session::setForceHTTPS()
Availability
This variable was added in MediaWiki 1.35.0 (gerrit:608504). It was back-ported to 1.34 as part of the MediaWiki 1.34.3 release (gerrit:612497) as well as to 1.31 as part of the MediaWiki 1.31.9 release (gerrit:615840).