basho / riak_control

Webmachine-based administration interface for Riak.
https://github.com/basho/riak_control
Apache License 2.0

Explore making redirect on non-ssl optional #156

Closed cmeiklejohn closed 11 years ago

cmeiklejohn commented 11 years ago

From Guido:

Now it is working. Maybe to be added to a wish list: a flag "enforce_secure_transport" that is true by default. I'm quite sure many users use SSH tunnels for those things; there is no point in loading certificates and stuff if your servers are well protected and there is a different transport for sensitive information.

Regards,

Guido.

guidomedina commented 11 years ago

Thanks. The analogy behind this is: say you have servers locally and the nodes in the cloud, and between local servers and the cloud there are SSH tunnels. You still want a sort of admin password so locally people don't just get granted access to Riak control/admin, without forcing the admins to create certificates and SSL configuration in general for Riak control. Such a flag would nicely do this job: be enabled by default to enforce the current functionality, and allow us to disable it. In our case we have everything running at localhost only and different transports tied up via SSH tunnels.