We concerned there are security issues with CName, that is assuming the path of our registration form is known by someone else, they could submit the form via splicing the path and host, then the data will be submitted to our PROD environment, this is not acceptable.
A form url is http://cdsweb-uat.xxx.sg/cn/a9qpd/apautotestform02, even if we replace the host and access http://cdsweb.xxx.sg/cn/a9qpd/apautotestform02, the data will be submitted to the uat environment.
Please add a feature to support HTTPS for CName.
For more information, we tried to use a reverse proxy to change the url to https with our domain, but our request was blocked after submission. If there is a way to allow the request to pass through, the issue could be solved also.