Comment 1 for bug 691002

I think this is both of a client-side issue and a deployment issue, but so far our code base doesn't depend on being served over http or https.

The client library should allow you to call certain methods over http but others over https. That is something piston-mini-client is missing, and then rnrclient. I've created bug #704885 for this.

One thing the server *could* do is check that each method is being served over http(s) as intended, and fail otherwise. We could provide two decorators (ensure_http and ensure_https) and apply them to each piston resource as needed.

I'd recommend a setting to disable these checks, so that the code can still be deployed on a server that doesn't respond to both schemes.