Suggested Feature: https redirect for login, or HSTS (or both)


#1

If I go to newsblur.com, I am served a page over http. If I go to https://newsblur.com, it is correctly served over https. Once I log in—over either connection—the reader loads via https.

I’d like to see http://newsblur.com redirect to https://newsblur.com, and if possible a HSTS header set to declare that browsers should always use an https connection.

Thanks for the great site!


#2

Hi Dan, if you look in your preferences under the General tab, there is an option to always use HTTPS.


#3

Yep, I’ve got that checked. But anyone loading newsblur.com without checking the box gets a plain http page.

It’s a problem because it is a login page, and the login credentials are sent to /reader/login which uses https if the page was loaded over https, but http if the page was loaded that way (the default).


#4

would like to see this as well. primarily for instances where i’m logging in for the first time and I’ve just hand typed the URL.