I have a restlet-based app running on heroku that I want to use SSL. Heroku has a "piggyback" option which processes SSL connections for you. As far as I can tell, it works like this: Heroku processes the SSL connection, and redirects the call to a normal, unencrypted connection on port 80 and sets HTTP_X_FORWARDED_PROTO header to https. (I assume that incoming calls with HTTP_X_FORWARDED_PROTO are stripped.)
This works fine for allowing https, but I want to require it. I see the Redirector class, but it's not clear to me if I can use this class to solve this problem. Any suggestions? Thanks! bjorn PS I was previously running my app using GAE, which used a servlet container, so I could specify "CONFIDENTIAL" in web.xml. I am not using a servlet container anymore. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2918332
