Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
For a largely authenticated site like one that runs Commons, it's always best to use HTTPS to secure all of the user sessions. I'm sure any corporate Intranet will do that and hopefully many community sites will as well.
I know this is not a use case for all Commons sites, so it should not be enabled by default. However, since it is relatively common, we should acknowledge it. But since it requires core patches right now (and the foreseeable future), maybe we should include at least those core patches, so that others do not need to hack Commons core.
Comments
Comment #1
ezra-g CreditAttribution: ezra-g commentedSeems reasonable. I'd accept a patch to add these to the make file.
Comment #2
ezra-g CreditAttribution: ezra-g commentedComment #3
lsolesen CreditAttribution: lsolesen commented