The API requires HTTPS (instead of HTTP) for the API as authentication credentials with HTTP Basic, OAuth2 and OpenID Connect are transmitted without encryption to the server so they can "easily" be sniffed by a third-person. Therefore the WCPS driver should support HTTPS and the deployed instance should activate it by default.
Another issue is, that the Web Editor, which is deployed with HTTPS can't connect to HTTP back-ends due to browsers forbidding "mixed content" (i.e. forbidding insecure HTTP connections being established by secure/HTTPS web pages). Providing the Web Editor with HTTP would promote insecure workflows and therefore is not desirable.
The API requires HTTPS (instead of HTTP) for the API as authentication credentials with HTTP Basic, OAuth2 and OpenID Connect are transmitted without encryption to the server so they can "easily" be sniffed by a third-person. Therefore the WCPS driver should support HTTPS and the deployed instance should activate it by default.
Another issue is, that the Web Editor, which is deployed with HTTPS can't connect to HTTP back-ends due to browsers forbidding "mixed content" (i.e. forbidding insecure HTTP connections being established by secure/HTTPS web pages). Providing the Web Editor with HTTP would promote insecure workflows and therefore is not desirable.