smarterweb Posted November 17, 2020 Share Posted November 17, 2020 Even thou we enabled SSL on all pages, you can still reach the URLs of the API webservice via non-ssl standard http. So if you had https://website.com/api/orders it can also be reached by http://website.com/api/orders Shouldn't this be disallowed and automatically be redirected to SSL? Link to comment Share on other sites More sharing options...
Question
smarterweb
Even thou we enabled SSL on all pages, you can still reach the URLs of the API webservice via non-ssl standard http.
So if you had https://website.com/api/orders it can also be reached by http://website.com/api/orders
Shouldn't this be disallowed and automatically be redirected to SSL?
Link to comment
Share on other sites
0 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now