Suggested Feature: https redirect for login, or HSTS (or both)

If I go to, I am served a page over http. If I go to, it is correctly served over https. Once I log in—over either connection—the reader loads via https.

I’d like to see redirect to, and if possible a HSTS header set to declare that browsers should always use an https connection.

Thanks for the great site!


Hi Dan, if you look in your preferences under the General tab, there is an option to always use HTTPS.

Yep, I’ve got that checked. But anyone loading without checking the box gets a plain http page.

It’s a problem because it is a login page, and the login credentials are sent to /reader/login which uses https if the page was loaded over https, but http if the page was loaded that way (the default).

1 Like

would like to see this as well. primarily for instances where i’m logging in for the first time and I’ve just hand typed the URL.

Hi, login and sign-up should always use https, sending clear text passwords it is a security risk for us - users :frowning:

hi @steanne, I know about this, but this should be implemented on application level, not every friend or family member is “technical” enough

I just loaded HTTPS homepage, logged in, and was sent to HTTP newsblur!!!