Force https for login and logged in users

Added by Felix Schäfer over 8 years ago

Hello,

We actually have our redmine on an https-only host, with a hard redirect from http to https. I think this is neither needed nor satisfying for casual visitors, so I'd like to force https only on logged in users, or at least for login, so that no password is sent cleartext. Is there any mechanism in redmine to force https on logged in users, or any http headers I could test for to determine if they are logged in? If not, which URL would I have to force https on to ensure at least the login goes over a secure wire?

Thanks!

Replies (1)

RE: Force https for login and logged in users - Added by flurios fl almost 6 years ago

Hey Felix,

did you find a solution to your question?

Cheers,

(1-1/1)