New setting force_ssl that will ensure that Piwik is only used over https SSL
|Reported by:||matt||Owned by:|
|Priority:||major||Milestone:||1.7 Piwik 1.7|
Currently, there is a setting force_ssl_login that forces the login details to be submitted over https.
However, since the token_auth is confidential, and sometimes passed in URLs (API requests, ajax requests done in the admin screens, etc.) it is desired to have a setting that would ensure that Piwik can ONLY be used over SSL.
- when force_ssl=1 then all requests will be redirected to the https:// URL.
- Expected: If SSL is not properly configured then Piwik will NOT work. User can edit the config file to set force_ssl = 0 to re-enable piwik in this case.
- This setting is different from assume_secure_protocol
- Also, update the How to setup secure server guide with this new setting recommendation.