Force https for login and logged in users
We actually have our redmine on an https-only host, with a hard redirect from http to https. I think this is neither needed nor satisfying for casual visitors, so I'd like to force https only on logged in users, or at least for login, so that no password is sent cleartext. Is there any mechanism in redmine to force https on logged in users, or any http headers I could test for to determine if they are logged in? If not, which URL would I have to force https on to ensure at least the login goes over a secure wire?
did you find a solution to your question?