Handle access to server via non-secure endpoint when it's deployed as secure

If exoframe-server is deployed via `https`, you can still access it using `http`. But apparently it causes some weird issues (see #312).
It should be possible to address this either by warning a user or forcing https in config (if we detect redirect on auth).