Forcing all non-SSL requests to SSL requests is now an option.

2014-10-26 22:15:12 +01:00 · 2014-10-26 22:15:12 +01:00 · 2b5372aebe
commit 2b5372aebe
parent f1697d3e5d
3 changed files with 6 additions and 2 deletions
--- a/index.php
+++ b/index.php
@ -53,8 +53,8 @@ if(!$install) {
 	load_config('config');
 	load_config('system');

-	if ((intval(get_config('system','ssl_policy')) == SSL_POLICY_FULL) AND
-		($a->get_scheme() == "http") AND
+	if (get_config('system','force_ssl') AND ($a->get_scheme() == "http") AND
+		(intval(get_config('system','ssl_policy')) == SSL_POLICY_FULL) AND
 		(substr($a->get_baseurl(), 0, 8) == "https://")) {
 		header("HTTP/1.1 302 Moved Temporarily");
 		header("location: ".$a->get_baseurl()."/".$a->query_string);