From 78828028d31faeaec69e94a25a2c4b3cdd3eabaa Mon Sep 17 00:00:00 2001
From: Alexis Gavoty <kload@kload.fr>
Date: Fri, 11 Apr 2014 15:18:04 +0200
Subject: [PATCH] [enh] Force HTTPS when set authentication headers (closes #3)

---
 access.lua | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/access.lua b/access.lua
index 3dc424e..43ff5ab 100644
--- a/access.lua
+++ b/access.lua
@@ -200,6 +200,9 @@ function authenticate (user, password)
 end
 
 function set_headers (user)
+    if ngx.var.scheme ~= "https" then
+        return redirect("https://"..ngx.var.http_host..ngx.var.uri)
+    end
     user = user or ngx.var.cookie_SSOwAuthUser
     if not cache:get(user.."-password") then
         flash("info", "Please log in to access to this content")