I'm not sure whether to consider this a bug report or a feature request, but here it is: Currently, for each domain configured, you may specify whether to use http or https, and if a domain source is configured, URLs throughout that site (including form actions and so forth) use that protocol.
This doesn't entirely support my configuration. We have a public domain for our public website that uses http in most cases, but enforces the use of https for certain paths (the user login page and the admin pages) to protect this data.
Unfortunately, configuring the URL scheme for this domain to be http:// and simply letting our rewrite rules redirect to https:// does not work. Since the form actions are all set to http:// with this configuration, form submissions from https:// fail.
The solution would be one of the following:
- Allow both http and https on a given domain, and write URLs to one or the other depending on the request or base URL (using the dynamic base URL in #633726: Include instructions for altering $base_url), or
- Allow certain paths to be configured to use a separate protocol from the domain's main protocol. (This solution would be even better because it would reduce the number of rewrite rules needed to support such a configuration.)