I’m forcing HTTPS on in my site with this document root level .htaccess file setting:
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Now I noticed that this setting in /lists/.htaccess:
Options -MultiViews
RewriteEngine On
RewriteRule api/v2/ api.php [L]
overrides my root level RewriteRule so that HTTPS direction does not work any more. The new lines were introduced in 3.4.1, I think, because of the new RestAPI.
I’m running Apache 2.4.41.
The PUBLIC_PROTOCOL setting only affects on admin requests.
At the moment I duplicate the root level RewriteRule into /lists/.htaccess. So I have to remember to update it on every upgrade of phpList.
Could PUBLIC_PROTOCOL setting be changed so that it affects all requests?