Feature #76895

Add [FE][lockSSL] option in TYPO3_CONF_VARS (as in [BE][lockSSL])

Added by Sybille Peters over 3 years ago. Updated almost 2 years ago.

Status:
Rejected
Priority:
Could have
Assignee:
-
Category:
Backend API
Target version:
-
Start date:
2016-06-30
Due date:
% Done:

0%

PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Proposal to add an option to enforce HTTPS if currently logged in as FE user. Could be implemented as in already existing [BE][lockSSL] option.

This would make Extensions like https_enforcer more or less redundant, because TYPO3 core would handle this functionality:

1) already existing in core: Force HTTPS for specific page (pages.url_scheme)
2) already existing in core: Force HTTPS if logged in as BE-User: [BE][lockSSL]
2) not exisiting? : Force HTTPS if logged in as FE-User

History

#1 Updated by Benni Mack over 3 years ago

Hey Sybille,

the best way to handle this is on the server btw, namely to redirect to SSL pages (= performance).

Also check out the simplessl extension which allows to set this on a domain-level if you need that.

https://github.com/CMSExperts/simplessl

#2 Updated by Sybille Peters over 3 years ago

Hello Benni,

thanks for the hints. Currently we are using the ext. https_enforder to redirect to HTTPS if logged in FE or sending userdata. However, this is no longer necessary. Will redirect all to HTTPS in the future as this will simplify configuration and there is no longer a reason not to redirect all to HTTPS.

#3 Updated by Sybille Peters about 2 years ago

Due to general tendency of using HTTPS everywhere anyway, I think it no longer makes sense to implement this.

Would close this now (but don't seem to have the permissions).

Perhaps someone can kindly do this for me.

#4 Updated by Georg Ringer almost 2 years ago

  • Status changed from New to Rejected

closed issue as HTTPS always on is the best way to go

Also available in: Atom PDF