Hello,

I'm operating my site in SSL (https://). When a user tries to login he gets error:
Invalid Redirect URL (http://www.lagadas.com/)

As you can see the redirection is http and not https even if in the settings I've set all URLs with https. I was able to fix this problem by enabling the "Disable Redirection Domain" and now it works fine. But what scares me is that there is a warning on this setting saying that by disabling it I'm getting in risk.

Is there any other way to do it?

Thank you

Enter that invalid redirect URL into AdminCP > Settings > Options > Site Name/URL/etc > Redirect Domain Whitelist (without the ending / as per the instructions)

You may want to do an .htaccess redirect from http://www.lagadas.com/ to https://www.lagadas.com/ (and http://lagadas.com/ to https://www.lagadas.com/) so that users can't access the site without an https URL

I am not a htaccess guy so if this is not right someone fix any problems with it

RewriteEngine on
RewriteCond %{HTTP_HOST} ^lagadas\.com$ [OR]
RewriteCond %{HTTP_HOST} ^http\.lagadas\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.lagadas\.com$
RewriteRule ^(.*)$ https://www.lagadas.com/$1 [R=301,L]

full htaccess file below

I'm a Trial and Error .htaccess person, so I can't really comment on what ForceHSS posted. :)