zenhack / iron-blogger2

GNU General Public License v3.0
3 stars 3 forks source link

Login page should force HTTPS #49

Closed zenhack closed 8 years ago

zenhack commented 9 years ago

The login page should redirect the user to the https url if it isn't already using https. This way, the user can't accidentally send their password in cleartext. It should be possible to disable this for development, since setting up https with the local webserver and getting browsers to trust it is a little awkward.