It's not documented anymore, but $ssl with value -1 should force HTTP. It's what menu items have:

Basing protocol on request would require another option, I think.

Value 2 is forcing http and that should still works.

Value -1 should do that also, as described above. With this patch, menu item settings aren't respected anymore.

The API for route::link is different then the https force options.

We convert it before we call route::link
you will find this in the registration.php:
$linkMode = $config->get('force_ssl', 0) == 2 ? 1 : -1;

Secure menu item option is different from Force SSL option in global configuration. Somewhere between 3.1 and 3.2 the description of $ssl param was changed but behavior remained the same. This is from 3.1.0:

/**
 * Translates an internal Joomla URL to a humanly readible URL.
 *
 * @param   string   $url    Absolute or Relative URI to Joomla resource.
 * @param   boolean  $xhtml  Replace & by & for XML compilance.
 * @param   integer  $ssl    Secure state for the resolved URI.
 *                             1: Make URI secure using global secure site URI.
 *                             0: Leave URI in the same secure state as it was passed to the function.
 *                            -1: Make URI unsecure using the global unsecure site URI.
 *
 * @return  The translated humanly readible URL.
 *
 * @since   11.1
 */
public static function _($url, $xhtml = true, $ssl = null)

So it's technically correct that -1 forces HTTP. But we do need a new option to use protocol from request.

-1 doesn't force it, -1 uses the current protocol. It's used because it's int and not 0 but don't ask me why not NULL is used.

Without patch value -1 forces HTTP and this is fine. Changing this is going to break secure option in menu items. Also with this patch value 2 doesn't force HTTP when current URL is HTTPS.

A B/C safe solution is to introduce another value to replace -1 wherever we want to use protocol from request.

To be more clear, behavior with both -1 and 2 is exactly the same and it must remain so.

So I rewrote route::_ and route::link to support absolute parameter.

And also deprecated -1 and added constants to the route class.

@chrisxchrisxchrisx please test > https://docs.joomla.org/Testing_Joomla!_patches

Thank you all for your work. The test was not successful but it is the first time I have tested a Joomla patch so please bear with me if it was my fault:

Steps to test the patch

In Joomla "staging" from https://github.com/joomla/joomla-cms
With release patch installed but no patch applied from https://github.com/joomla-extensions/patchtester/releases/tag/2.0.1

Users: Options: Allow User Registration: Yes

Users: Options: New User Account Activation: Administrators

include {loadmodule mod_login} in an article

link a published menu module to a visible menu

publish a single article menu item for the article in the visible menu

create a hidden menu not linked to any menu module

publish a menu item alias menu item for the single article menu item in the hidden menu

publish a users registration form menu item with the menu item alias menu item as owner

set all the above menu items Metadata Secure = On

select the single article menu item and select Create an account

note that registration links emailed to users and administrators do not honour the security setting but instead use http:

apply patch 24089

clear Joomla cache and expired cache and browser cache

select the single article menu item and select Create an account

Expected result

registration links emailed to users and administrators honour the security setting by using https:

Actual result

https://localhost/joomla-cms-staging/index.php/registration-form?task=registration.register
Error message: The requested page cannot be found
Error: 0 Class 'Route' not found

@chrisxchrisxchrisx please mark your test as unsuccessfully > https://docs.joomla.org/Testing_Joomla!_patches#Recording_test_results

I have tested this item 🔴 unsuccessfully on bb54c76

Thank you all for your work. The test was not successful but it is the first time I have tested a Joomla patch so please bear with me if it was my fault:

Steps to test the patch

In Joomla "staging" from https://github.com/joomla/joomla-cms
With release patch installed but no patch applied from https://github.com/joomla-extensions/patchtester/releases/tag/2.0.1

Users: Options: Allow User Registration: Yes

Users: Options: New User Account Activation: Administrators

include {loadmodule mod_login} in an article

link a published menu module to a visible menu

publish a single article menu item for the article in the visible menu

create a hidden menu not linked to any menu module

publish a menu item alias menu item for the single article menu item in the hidden menu

publish a users registration form menu item with the menu item alias menu item as owner

set all the above menu items Metadata Secure = On

select the single article menu item, select Create an account, complete form and submit

note that registration links emailed to users and administrators do not honour the security setting but instead use http:

apply patch 24089

clear Joomla cache and expired cache and browser cache

select the single article menu item, select Create an account, complete form and submit

Expected result

registration links emailed to users and administrators honour the security setting by using https:

Actual result

at index.php/registration-form?task=registration.register
Error message: The requested page cannot be found
Error: 0 Class 'Route' not found

I have tested this item 🔴 unsuccessfully on bb54c76

Thank you all for your work. The test was not successful but it is the first time I have tested a Joomla patch so please bear with me if it was my fault:

Steps to test the patch

In Joomla "staging" from https://github.com/joomla/joomla-cms
With release patch installed but no patch applied from https://github.com/joomla-extensions/patchtester/releases/tag/2.0.1

Users: Options: Allow User Registration: Yes

Users: Options: New User Account Activation: Administrators

include {loadmodule mod_login} in an article

link a published menu module to a visible menu

publish a single article menu item for the article in the visible menu

create a hidden menu not linked to any menu module

publish a menu item alias menu item for the single article menu item in the hidden menu

publish a users registration form menu item with the menu item alias menu item as owner

set all the above menu items Metadata Secure = On

select the single article menu item, select Create an account, complete form and submit

note that registration links emailed to users and administrators do not honour the security setting but instead use http:

apply patch 24089

clear Joomla cache and expired cache and browser cache

select the single article menu item, select Create an account, complete form and submit

Expected result

registration links emailed to users and administrators honour the security setting by using https:

Actual result

at index.php/registration-form?task=registration.register
Error message: The requested page cannot be found
Error: 0 Class 'Route' not found

thx @chrisxchrisxchrisx fixed now

I have tested this item ✅ successfully on 4610fe4

Test as before yields expected result. Well done guys.

I have tested this item ✅ successfully on 4610fe4

Test as before yields expected result. Well done guys.

I have tested this item ✅ successfully on 4610fe4

I have tested this item ✅ successfully on 4610fe4

Status "Ready To Commit".