Use HTTPS Exclusively

Use HTTPS Exclusively

by Corey Wallis -
Number of replies: 1

Hi,

I have a related question to my earlier post Is the embedded browser on iOS different to the system browser? We have some Moodle instances that must be always accessed via HTTPS. Any request to the instance must be made via HTTPS, and requests made by HTTP either result in an error, or are redirected to HTTPS.

I note that the Moodle Mobile app now authenticates via HTTPS correctly, when HTTPS is specified int the 'Site URL' field. Subsequent requests, such as for web services or links to other content, are made via HTTP. 

Is there any way to ensure that the Moodle Mobile app uses HTTPS for all requests, and not just for authentication?

With thanks. 

-Corey 

Average of ratings: -
In reply to Corey Wallis

Re: Use HTTPS Exclusively

by Juan Leyva -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers

Hi Corey,

once you have been authenticated, the app uses the site url returned by the webservice core_get_siteinfo

If in your config.php your $CFG->wwwroot starts by "http://" the app will use that protocol for further requests.

I suspect that your site is under a load balancer/firewall of something similar that adds the SSL layer to your requests but in your settings you have a wwwroot under http (not https)

Am I right? If not, can I have a demo/test user in order to check what is happening (you can email me at: juan AT moodle.com )

Regards

Average of ratings: -