How to enforce using HTTPS access on your website

1. In the Layout perspective, add the Composite.Navigation.HttpsEnforcer function to the website template used with pages you will set HTTPS on (Insert > Function Markup) or add the following code:
   Expand code

   <f:function name="Composite.Navigation.HttpsEnforcer" xmlns:f="http://www.composite.net/ns/function/1.0"> 
     <f:param name="AlwaysStayOnHttps" value="False" /> 
     <f:param name="RedirectC1Users" value="False" /> 
   </f:function>

   
   
2. Keep the default values for the parameters or set them as described in "How to configure optional parameters" below.
3. Add the HttpsEnforcer Page Settings metadata field (Composite.Navigation.HttpsEnforcer.PageSettings metatype) to the page, which you want visitors to access via HTTPS. (This page and all its sub-pages will require HTTPS fro now.)
4. Make sure that you set the Inherit Display parameter to "Do not inherit".
5. The metadata field added, make sure that the Require HTTPS option is checked on the Metadata tab of the page.

How to configure optional parameters

Always Staying on HTTPS

By default, if visitors use HTTPS to access pages not requiring HTTPS, they will be redirected to pages using HTTP.

To allow the visitors to stay on HTTPS when using HTTPS even though they request HTTP-based pages, you should set the Composite.Navigation.HttpsEnforcer function's AlwaysStayOnHttps parameter to "true".

Redirecting CMS Users

By default, if users are logged on to the CMS Console and browse the website at the same time, they will not be redirected to HTTPS even though they access pages that require this protocol.

To allow the logged-on CMS Users to be redirected to HTTPS whenever they access HTTPS-based pages in the web browser, you should set the Composite.Navigation.HttpsEnforcer function's RedirectC1Users parameter to "true".