Sensitive-test _is_ done in index.php

actions/login.php

@@ -36,24 +36,6 @@ class LoginAction extends FormAction
 {
     protected $needLogin = false;
 
-    /**
-     * Prepare page to run
-     *
-     *
-     * @param $args
-     * @return string title
-     */
-    protected function prepare(array $args=array())
-    {
-        // @todo this check should really be in index.php for all sensitive actions
-        $ssl = common_config('site', 'ssl');
-        if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
-            common_redirect(common_local_url('login'));
-        }
-
-        return parent::prepare($args);
-    }
-
     /**
      * Handle input, produce output
      *