Once we start doing auth we should enforce HTTPS for all requests.
Once we start doing auth we should enforce HTTPS for all requests.