> This is also not relevant to what I am stating. If you develop, do it > regardless of http/https that is convenient for everyone. It will be to > your own benefit. If you have to host the application on your own server, > so be it. It will be easier with choosing your https solution. You could > already be developing it now, and later you can check how to use openssl. > Last thing you want, is an application that forces https or http. >
http is an insecure protocol. I don't want my website to run on http. So, I am hardcoding https in links in my website that refer to pages in my website. Now, I know that you will write why not redirect http to https by default. The problem with this is that if the website gets migrated to different provider and if people forget to redirect http to https in new setup then it will become a security problem. Hardcoding https solves all issues.
