Missing Redirect to HTTPS from HTTP

[madhuracj]

As report by Emanuel Bronshtein,

visiting over HTTP the following websites will not redirect to HTTPS:

• http://admin.phpmyadmin.net
• http://develdocs.phpmyadmin.net
• http://reports.phpmyadmin.net/
• http://planet.phpmyadmin.net/
• http://klutz.phpmyadmin.net
• http://ci.phpmyadmin.net/
• http://hooks.phpmyadmin.net

[nijel]

• For reports this is intentional setup to allow old clients to submit data.
• For hooks we first needs to check if we're not using http URL somewhere.
• For develdocs it's something what needs to be done at the CDN side (same issue is for www.phpmyadmin.net).

[nijel]

I've reviewed all hooks on GitHub and switched them to https, so hopefully we're safe to fully switch to https there.

[nijel]

I've just changed CDN setup on all hosts to make it consistent:

• Redirect to HTTPS
• Use letsencrypt certificates
• Use HTTPS for backend connection

[emanuelb]

For reports consider a redirect that black-list submit end-points (will redirect to HTTPS if the request-uri isn't /incidents/create) or redirect on non POST requests (as submissions done over POST)

[nijel]

Thats indeed an option, thanks for suggestion!

[nijel]

Now done for reports as well.