We just had a discussion about this in the office and suggested a way forward.
The plan is:
* Install a filter with a "whitelist" of domains to rewrite. By default only internal links and supported links to our known repositories will be converted by the filter. The white list of domains should be configurable by the admin
* Enable the filter by default for sites that previously had loginhttps enabled
* If loginhttps was enabled during upgrade, send an email to the admin suggesting that they run the admin tool to convert all their links and disable the filter
* Add an admin tool to do the same rewriting and update the database. Support the same whitelist settings as the filter. The admin tool should work from cli as it may take a long time to complete. The optionally the web version should allow the actual rewriting to be done as an adhoc task (and send an email when its finished).
Please let us know if this plan does or does not sound like it will work for you.
Security and privacy
HTTP to HTTPS converter for external content
This discussion has been locked so you can no longer reply to it.