•  
      request #10600 HTTPS should be forced when a HTTPS host is set in the configuration file
    Infos
    #10600
    Thomas Gerbet (tgerbet)
    2017-09-22 16:33
    2017-08-25 15:24
    10842
    Details
    HTTPS should be forced when a HTTPS host is set in the configuration file
    Whenever sys_https_host has a value, the default behavior should be to force the usage of HTTPS.

    This is already the behavior of the login page. If it works on the login page it can safely be generalized everywhere.

    Going HTTPS only is the current expected behavior and browsers will give more and more incentive to the users to not do any actions on a HTTP page.

    The same behavior can currently be obtained with the parameter sys_force_ssl set to 1.
    Other
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2017-09-22
    Attachments
    Empty
    References

    Follow-ups