For a largely authenticated site like one that runs Commons, it's always best to use HTTPS to secure all of the user sessions. I'm sure any corporate Intranet will do that and hopefully many community sites will as well.

I know this is not a use case for all Commons sites, so it should not be enabled by default. However, since it is relatively common, we should acknowledge it. But since it requires core patches right now (and the foreseeable future), maybe we should include at least those core patches, so that others do not need to hack Commons core.

Comments

Title:Add HTTPS support with Secure Pages moduleAdd HTTPS support with Secure Pages module & core patches

Seems reasonable. I'd accept a patch to add these to the make file.

Priority:Minor» Normal