Major bug with domain mapping and forcing http/https

Domain mapping on a multisite network is a difficult because at best we can use a wildcard domain which allows SSL in admin areas network-wide and site-wide on the primary site on the network, but not on mapped domains of subsites. This isn’t a big deal, it’s just hard to get working properly.

I’m not sure how long this has been an issue, but I’ve noticed all sites on my network (including the primary site) are accessible via either http or https. This is a major issue for SEO and usability, it should redirect to one or the other.

I thought this may be just an issue with my network, but I noticed that Edublogs.org has the exact same issues where (I assume) you use the same plugin for domain mapping.

There should be an option in domain mapping (or just detect config) to set the primary network site as http or https and always force it. Mapped domains on all network subsites should always be forced http since there’s no way (that I know of) to have a separate SSL cert for a mapped domain on each network sub site.

I think SSL has become more important lately with all of the recent security issues. I also know that WordPress is moving to SSL as well. WordPress.com now forces SSL and the core team has some things in the works. Google is also starting to reward sites who https, which is much faster these days with SPDY support.

Thoughts?