Jump to content
thirty bees forum
  • 0

Enable SSL on all pages, API still works without https!



Even thou we enabled SSL on all pages, you can still reach the URLs of the API webservice via non-ssl standard http.

So if you had https://website.com/api/orders it can also be reached by http://website.com/api/orders

Shouldn't this be disallowed and automatically be redirected to SSL?

Link to comment
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...