HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

SSLControllers 1.0

Update: I've been running this plugin on a production server since its release without issues. Considered Stable.

Enables SSL Support in Vanilla 2. Once enabled you can specify which controllers should be delivered using SSL via your /conf/config.php file. By default the following controllers are set to be delivered using SSL, entrycontroller, utilitycontroller, settingscontroller and postcontroller. The plugin will also override the default ajax popup behaviour due to http>https, https>http security restrictions. There is also a SecureSession param that is TRUE by default which will delivery the entire site in SSL for the duration of a user's logged in session. Please note that in some browser, pages with third party code on them like Google AdSense, may fire an unsecure/mixed content warning the first time they are accessed by the user within a secure session. This is because Google do not currently offer an SSL version of their AdSense Code.

Links that might be useful:

SSL Discussion:

SSLControllers on GitHub:

Please check thoroughly on your non production environment before moving to your production server if it contains an active community. Should you encounter any issues please ensure you are running the latest version of Vanilla 2, or have update the core files listed to those in the latest version. I am working on improving the non-ajax popup integration and would appreciate feedback. Please give feedback within the SSL Discussion linked above.

Hope people find this useful.