GitLab Pages force HTTPS
Description
GitLab Pages provides both HTTP and HTTPS connections (if a certificate is available), but HTTPS is not enforced. So, if you request resources via HTTP, it will stay unencrypted.
Proposal
Add an option that enforce HTTPS connections: if a connections is HTTP, and the current domain (shared or custom) has a certificate, a 301
redirect message is sent back to the client.
HTTP/1.1 301 Moved Permanently
Location: https://<username>.gitlab.io
This setting is per project.
Design proposal
- Add checkbox to enable force redirect to HTTPs to Settings > Pages.
- Setting is saved automatically.
- This will have HTTPS only by default for all new pages, off for existing ones
Edited by Fabio Busatto