diff --git a/phpBB/phpbb/feed/event/http_auth_subscriber.php b/phpBB/phpbb/feed/event/http_auth_subscriber.php
index 3c35c769c8..6aedfb361b 100644
--- a/phpBB/phpbb/feed/event/http_auth_subscriber.php
+++ b/phpBB/phpbb/feed/event/http_auth_subscriber.php
@@ -72,6 +72,12 @@ class http_auth_subscriber implements EventSubscriberInterface
 return;
 }
 
+ // Only allow HTTP authentication in secure context (HTTPS)
+ if (!$request->isSecure())
+ {
+ return;
+ }
+
 // Check if HTTP authentication is enabled
 if (!$this->config['feed_http_auth'])
 {
diff --git a/tests/feed/http_auth_subscriber_test.php b/tests/feed/http_auth_subscriber_test.php
index d3f00aef68..ee50ec9088 100644
--- a/tests/feed/http_auth_subscriber_test.php
+++ b/tests/feed/http_auth_subscriber_test.php
@@ -95,6 +95,39 @@ class http_auth_subscriber_test extends \phpbb_test_case
 $this->subscriber->on_kernel_request($event);
 }
 
+ public function test_insecure_connection_skipped()
+ {
+ $request = $this->getMockBuilder('\Symfony\Component\HttpFoundation\Request')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $request->attributes = $this->getMockBuilder('\Symfony\Component\HttpFoundation\ParameterBag')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $request->attributes->expects($this->once())
+ ->method('get')
+ ->with('_route')
+ ->willReturn('phpbb_feed_overall');
+
+ $request->expects($this->once())
+ ->method('isSecure')
+ ->willReturn(false);
+
+ $event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $event->expects($this->once())
+ ->method('getRequest')
+ ->willReturn($request);
+
+ $event->expects($this->never())
+ ->method('setResponse');
+
+ $this->subscriber->on_kernel_request($event);
+ }
+
 public function test_http_auth_disabled()
 {
 $this->config['feed_http_auth'] = 0;
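Review bot: The added guard relies on `$request->isSecure()`, which for a TLS-terminating reverse proxy reports HTTPS only when that proxy is registered as trusted via Symfony's Request::setTrustedProxies; otherwise X-Forwarded-Proto is ignored and the new early return silently disables feed HTTP authentication with no log entry or response explaining why. The comment above the guard should say so, e.g. `// isSecure() honours X-Forwarded-Proto only for trusted proxies; behind a TLS-terminating proxy that is not registered as trusted, feed HTTP auth is skipped here`. on_kernel_request begins outside the hunk, so where `$request` is obtained and what the feed serves after this return (presumably the unauthenticated session) cannot be confirmed from here.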
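Review bot: test_insecure_connection_skipped never sets `feed_http_auth`, so if the setUp fixture leaves the option disabled the `setResponse` never-expectation would also hold with the new isSecure() guard removed, and the test would not prove the guard exists; add `$this->config['feed_http_auth'] = 1;` at the top of the test so the assertion discriminates. The sibling test_http_auth_disabled sets the option to 0 explicitly, which suggests the fixture enables it, but setUp is outside the hunk.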
@@ -112,6 +145,10 @@ class http_auth_subscriber_test extends \phpbb_test_case
 ->with('_route')
 ->willReturn('phpbb_feed_overall');
 
+ $request->expects($this->once())
+ ->method('isSecure')
+ ->willReturn(true);
+
 $event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
 ->disableOriginalConstructor()
 ->getMock();
@@ -143,6 +180,10 @@ class http_auth_subscriber_test extends \phpbb_test_case
 ->with('_route')
 ->willReturn('phpbb_feed_overall');
 
+ $request->expects($this->once())
+ ->method('isSecure')
+ ->willReturn(true);
+
 $event = $this->getMockBuilder('\Symfony\Component\HttpKernel\Event\GetResponseEvent')
 ->disableOriginalConstructor()
 ->getMock();