Drop require_ssl_smart_proxies setting

An update to this PR:

This has been merged:

I now reread this and can better understand @mhjacks’ confusion: I missed the word Drop. I’ll modify the original RFC to reflect this.

This has been merged in the same PR as dropping the setting.

This is partially implemented in:

The actual implementation changes from allowing the request and then sending a forbidden to a blanket redirect to HTTPS. The Smart Proxy generally looks at the status codes (I checked most code) and expects 2xx, otherwise it fails. So it should handle the 3xx codes. And in general, when the Smart Proxy is configured to connect over HTTP, it’s generally a misconfiguration.

To be explicit, I think you’re talking about the “drop require_ssl setting and make it mandatory”-part. I also think that during the RFC I’ve come to the conclusion that there’s still a valid use case for this and there’s no need to further pursue this. However, require_ssl_smart_proxies has been dropped.

To be clear, they broke the plugin tests because they had explicit test cases for when require_ssl_smart_proxies was false. I should have better prepared for this since I had done a quick check on some plugins and I’ll try to do better next time.

With all that, I’m going to update the RFC to reflect the final state and mark it as resolved. Thanks everyone involved!
