- Status Maybe
- Percent Complete
- Task Type Feature Request
- Category Backend/Core
- Assigned To No-one
- Operating System All
- Severity Very Low
- Priority Very Low
- Reported Version 1.0-beta
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
Attached to Project: Flyspray - The bug killer!
Opened by Nicolas G. - 16.01.2016
Last edited by peterdd - 17.01.2016
Opened by Nicolas G. - 16.01.2016
Last edited by peterdd - 17.01.2016
FS#2096 - Add an option to force https
Can you add an option to force HTTPS ?
Thx.
I think I added this feature a while ago.
Copy htaccess.dist to .htaccess to make the .htaccess active in an apache server environment.
See the commented lines in file htaccess.dist of flyspray, line 67:
# You can force TLS/SSL by uncommenting this 2 lines if you have a valid certificate for your domain #RewriteCond %{HTTPS} !=on #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # In the case of TLS/SSL available, set also session.cookie_secure=1 # so that the session cookie can't be sniffed by Man-in-the-Middle or same network. # Depends on your server setup/webhosting if done in php.ini, .user.ini or somehow/somewhere else. # Ask your web hoster if you don't know.Consider: The feature was added by me and seems to work for me too, but not yet reviewed by others - at least I got no feedback about it yet.
Yes it works for me too. But it might be better with a button in admin zone to activate this option
Ok, so it is more a luxury problem
and would require php fiddling/modifying .htaccess file?
And what if the user doesn’t use apache, but another web server. I think this goes too far for flyspray source code.
There are more important tasks to do on flyspray at the moment.
If you write the feature, ok.