back to

Forcing HTTPS everywhere

I’m forcing HTTPS on in my site with this document root level .htaccess file setting:

RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Now I noticed that this setting in /lists/.htaccess:

Options -MultiViews
RewriteEngine On
RewriteRule api/v2/ api.php [L]

overrides my root level RewriteRule so that HTTPS direction does not work any more. The new lines were introduced in 3.4.1, I think, because of the new RestAPI.

I’m running Apache 2.4.41.

The PUBLIC_PROTOCOL setting only affects on admin requests.

At the moment I duplicate the root level RewriteRule into /lists/.htaccess. So I have to remember to update it on every upgrade of phpList.
Could PUBLIC_PROTOCOL setting be changed so that it affects all requests?