Comment 1 for bug 1507013

These both look to fail because a 307 won't pass POST parameters (or, more accurately, will only pass GET parameters, if parameters there be).

IMO, the SRU part is pretty easily solved. All practical use of that URL is over localhost, so with a localhost non-SSL exception MITM is mitigated at the http level. Z39.50 itself does not have TLS support, so not much we can do there but suggest folks use stunnel if they want encrypted Z...

For offline.pl, things are more tricky. We may not be able to force SSL there until the web client (or at least a major version release).