Feature #76895
closed
Add [FE][lockSSL] option in TYPO3_CONF_VARS (as in [BE][lockSSL])
0%
Description
Proposal to add an option to enforce HTTPS if currently logged in as FE user. Could be implemented as in already existing [BE][lockSSL] option.
This would make Extensions like https_enforcer more or less redundant, because TYPO3 core would handle this functionality:
1) already existing in core: Force HTTPS for specific page (pages.url_scheme)
2) already existing in core: Force HTTPS if logged in as BE-User: [BE][lockSSL]
2) not exisiting? : Force HTTPS if logged in as FE-User
Updated by Benni Mack about 8 years ago
Hey Sybille,
the best way to handle this is on the server btw, namely to redirect to SSL pages (= performance).
Also check out the simplessl extension which allows to set this on a domain-level if you need that.
Updated by Sybille Peters about 8 years ago
Hello Benni,
thanks for the hints. Currently we are using the ext. https_enforder to redirect to HTTPS if logged in FE or sending userdata. However, this is no longer necessary. Will redirect all to HTTPS in the future as this will simplify configuration and there is no longer a reason not to redirect all to HTTPS.
Updated by Sybille Peters almost 7 years ago
Due to general tendency of using HTTPS everywhere anyway, I think it no longer makes sense to implement this.
Would close this now (but don't seem to have the permissions).
Perhaps someone can kindly do this for me.
Updated by Georg Ringer almost 7 years ago
- Status changed from New to Rejected
closed issue as HTTPS always on is the best way to go