GitLab Pages force HTTPS

Description

GitLab Pages provides both HTTP and HTTPS connections (if a certificate is available), but HTTPS is not enforced. So, if you request resources via HTTP, it will stay unencrypted.

Proposal

Add an option that enforce HTTPS connections: if a connections is HTTP, and the current domain (shared or custom) has a certificate, a 301 redirect message is sent back to the client.

HTTP/1.1 301 Moved Permanently
Location: https://<username>.gitlab.io

This setting is per project.

Design proposal

Add checkbox to enable force redirect to HTTPs to Settings > Pages.
Setting is saved automatically.
This will have HTTPS only by default for all new pages, off for existing ones

Edited Sep 27, 2017 by Fabio Busatto