• Status Maybe
  • Percent Complete
  • Task Type Feature Request
  • Category Backend/Core
  • Assigned To No-one
  • Operating System All
  • Severity Very Low
  • Priority Very Low
  • Reported Version 1.0-beta
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray
Opened by microniko - 16.01.2016
Last edited by peterdd - 17.01.2016

FS#2096 - Add an option to force https

Can you add an option to force HTTPS ?


Project Manager

I think I added this feature a while ago.

Copy htaccess.dist to .htaccess to make the .htaccess active in an apache server environment.

See the commented lines in file htaccess.dist of flyspray, line 67:

# You can force TLS/SSL by uncommenting this 2 lines if you have a valid certificate for your domain
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# In the case of TLS/SSL available, set also session.cookie_secure=1
# so that the session cookie can't be sniffed by Man-in-the-Middle or same network.
# Depends on your server setup/webhosting if done in php.ini, .user.ini or somehow/somewhere else.
# Ask your web hoster if you don't know.

Consider: The feature was added by me and seems to work for me too, but not yet reviewed by others - at least I got no feedback about it yet.

Yes it works for me too. But it might be better with a button in admin zone to activate this option ;-)

Project Manager

Ok, so it is more a luxury problem ;-) and would require php fiddling/modifying .htaccess file?
And what if the user doesn’t use apache, but another web server. I think this goes too far for flyspray source code.
There are more important tasks to do on flyspray at the moment.
If you write the feature, ok.


Available keyboard shortcuts


Task Details

Task Editing