Configure SSL schema for "private" actions.
Right now I have my entire Redmine installation hosted on an SSL-enabled vhost in Apache2. I have a mod_rewrite rule for anything on port 80 to redirect to the SSL-enabled vhost. This is largely overkill, but I wanted to protect any page with private information. Enumerating all the possible URLs for this and drafting mod_rewrite rules is a lengthy and error-prone process.
What I would like to see is a project setting for enabling SSL for "private" actions. Private here meaning user privacy and not a language-level construct. All this option would do is enable the creation of SSL links for these actions or internally redirect to the same URL with the HTTPS schema. The SSL portion would still be handled at the web server level.
For whatever it's worth, that's what I thought the "Protocol" setting would do when I first started with Redmine. It wasn't until later that I realized it was for email links.
Updated by Go MAEDA over 6 years ago
- Related to Feature #24763: Force SSL when Setting.protocol is "https" added