Redirect all pages containing a form to HTTPS.

uw_security.info

+name = uWaterloo security
+description = Provides security features.
+core = 7.x
+package = uWaterloo Core

uw_security.module

+<?php
+
+/**
+ * Implements hook_form_alter().
+ *
+ * Redirect all pages containing a form to HTTPS.
+ * Code based on securelogin module.
+ */
+function uw_security_form_alter(&$form, &$form_state, $form_id) {
+  global $is_https;
+  // Flag form as secure for theming purposes.
+  $form['#https'] = TRUE;
+  // POST requests are not redirected, to prevent unintentional redirects which result in lost POST data.
+  if (!$is_https && $_SERVER['REQUEST_METHOD'] !== 'POST') {
+    // Ignore the destination for this redirect (it was preserved in the query).
+    unset($_GET['destination']);
+    // Can't use https option to url() because we are not setting the https global variable (which is bad for security).
+    drupal_goto(preg_replace('/^http:/', 'https:', url($_GET['q'], array('query' => drupal_get_query_parameters(), 'absolute' => TRUE))), array(), 301);
+  }
+}