We develop a desktop application and it makes requests to our own API endpoints. Right now all the requests that the desktop application makes to our API are HTTP. I now want all those requests from within the application to be encrypted. Is it enough to simply do an .htaccess HTTP to HTTPS redirect to achieve that? Or do I need to go into the app and make sure that each request starts out as HTTPS?
You really need to make sure that each API request is done via HTTPS in the first place.
A re-direct (if it even works with POST requests at all) would just result in the request being sent twice (and the first one would be unencrypted, so that an eavesdropper could read everything).
Also, if your app does not require HTTPS (potentially with a pinned server certificate) it is subject to man-in-the-middle attacks: The man in the middle can just intercept the request, never connect you to HTTPS, change the response data at will and your app would not mind.
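An added example, not code from the answer above: one way a desktop client can enforce HTTPS itself, so no request ever starts out in cleartext and no redirect can move it back to HTTP. The function and class names and the `api.example.com` host are hypothetical; it assumes a Python client using only the standard library.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit


class InsecureTransportError(ValueError):
    """Raised before any bytes leave the machine."""


def require_https(url):
    """Return url unchanged if it is an absolute https:// URL, else raise."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise InsecureTransportError(f"refusing non-HTTPS API URL: {url!r}")
    return url


class NoDowngradeRedirects(urllib.request.HTTPRedirectHandler):
    """Follow a redirect only when its target is also https://."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        require_https(newurl)  # blocks an https -> http downgrade
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def make_opener():
    """Opener that verifies the certificate chain and host name."""
    ctx = ssl.create_default_context()
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx),
        NoDowngradeRedirects(),
    )


def call_api(url, data=None, timeout=10):
    """Send one API request; a plain-HTTP URL is rejected before connecting."""
    req = urllib.request.Request(require_https(url), data=data)
    with make_opener().open(req, timeout=timeout) as resp:
        return resp.status, resp.read()
```

Routing every request in the application through a wrapper like `call_api` means a leftover `http://` endpoint fails loudly in testing instead of silently leaking a request body.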