All http: URls should redirect to the https: version to keep passwords and session cookies secure. Heroku doesn't do this automatically, so your backend needs to do it.
See: https://help.heroku.com/J2R1S4T8/can-heroku-force-an-application-to-use-ssl-tls
All
http:URls should redirect to thehttps:version to keep passwords and session cookies secure. Heroku doesn't do this automatically, so your backend needs to do it.See: https://help.heroku.com/J2R1S4T8/can-heroku-force-an-application-to-use-ssl-tls