Force SSL/TLS to protect user's credentials
Hi Alex,
I think you should force SSL (443) for all online versions of Gargantext. As long as login is required, we should make sure all communications are secured between our servers and clients.
I saw you are using Nginx. I recommend a full HTTPS config like:
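    # Redirect every plain-HTTP request to HTTPS
    server {
        listen 80;
        server_name gargantext.org;
        return 301 https://gargantext.org$request_uri;
    }
    # HTTPS virtual host; the "ssl" parameter makes nginx speak TLS on this port
    server {
        listen 443 ssl;
        server_name gargantext.org;
        ....
    }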
This would force HTTPS for the entire server :)
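A small lint for the configuration recommended above, added here as an example and not part of the original post or the Gargantext project: it flags a 443 listener that lacks the `ssl` parameter and a port-80 block that does not redirect to HTTPS. The function names and finding labels are invented for this example, the sample config is constructed, and only `return 30x https://...` redirects are recognised.

```python
import re

# Constructed sample mirroring the config in the post: the port-80 block
# redirects correctly, but the 443 listener has no "ssl" parameter.
SAMPLE = """\
server {
    listen 80;
    server_name gargantext.org;
    return 301 https://gargantext.org$request_uri;
}
server {
    listen 443;
    server_name gargantext.org;
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, using brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (block_number, finding) pairs for listeners that leak plain HTTP."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (ignores '#' inside quotes)
    findings = []
    for n, body in enumerate(server_blocks(conf), 1):
        legacy_ssl = re.search(r"^\s*ssl\s+on\s*;", body, re.M)  # legacy "ssl on;" directive
        redirects = re.search(r"^\s*return\s+30[1278]\s+https://", body, re.M)
        for spec in re.findall(r"^\s*listen\s+([^;]+);", body, re.M):
            args = spec.split()
            port = args[0].rsplit(":", 1)[-1]  # handles "443", "[::]:443", "0.0.0.0:80"
            tls = "ssl" in args[1:] or bool(legacy_ssl)
            if port == "443" and not tls:
                findings.append((n, "no-ssl-on-443"))
            elif port == "80" and not tls and not redirects:
                findings.append((n, "no-https-redirect"))
    return findings

if __name__ == "__main__":
    for block, finding in audit(SAMPLE):
        print(f"server block {block}: {finding}")
```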