All we need is an easy explanation of the problem, so here it is.
I have a website residing on a domain with a valid SSL certificate that is fully using HTTPS. If I take form data from this site that is secured with an SSL and send it to a non-secure HTTP endpoint using a cURL POST is the transmission fully encrypted considering it’s going from an HTTPS site to an HTTP endpoint?
How to solve :
I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.
Short answer: no, it is not encrypted.
The only thing that matters is the URL you are using to send content, what happened before is irrelevant.
If you are sending your content to an HTTP URL then it is not encrypted, end of story
(except some rare corner cases that you should not rely on, like HSTS preloading where a browser would automatically do an HTTPS request instead).
Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂