Jetty 9.3 changed the `setHandler` on the ServletContextHandler to no longer automatically detect SecurityHandler, SessionHandler, etc. It simply passes on the setHandler request to the ContextHandler class (with a warning logged). So make sure to explicitly use the method `setSecurityHandler` to set the ContraintSecurityHandler responsible for the http -> https redirection.pull/1438/head
@@ -453,7 +453,7 @@ public class GitBlitServer { | |||
sh.setConstraintMappings(new ConstraintMapping[] { cm }); | |||
// Configure this context to use the Security Handler defined before | |||
rootContext.setHandler(sh); | |||
rootContext.setSecurityHandler(sh); | |||
} | |||
// Setup the Gitblit context |