Ian*_*oyd 10 html google-chrome internet-explorer-9
假设我有一个表格,现在正在做一个帖子:
<form id="post-form" class="post-form"
action="/questions/ask/submit" method="post">
您会注意到该网站中没有任何网站action,浏览器会跟随其中的网页.
发布时,浏览器遵循当前的域规则
If the current page is... then the browser will POST to
======================================= =============
http://stackoverflow.com/questions/ask http://stackoverflow.com/questions/ask/submit
https://stackoverflow.com/questions/ask https://stackoverflow.com/questions/ask/submit
但我想确保浏览器始终转到安全页面:
http://stackoverflow.com/questions/ask https://stackoverflow.com/questions/ask/submit
通常你会尝试这样的事情:
<form id="post-form" class="post-form"
action="https://stackoverflow.com/questions/ask/submit" method="post">
除此之外,需要知道托管站点的域名和虚拟路径名称(例如stackoverflow.com).如果网站被更改:
stackoverflow.netstackoverflow.com/mobile de.stackoverflow.comstackoverflow.co.uk/frbeta.stackoverflow.com然后表格action也必须更新:
<form id="post-form" class="post-form" action="https://stackoverflow.net/questions/ask/submit" method="post">
<form id="post-form" class="post-form" action="https://stackoverflow.com/mobile/questions/ask/submit" method="post">
<form id="post-form" class="post-form" action="https://de.stackoverflow.com/questions/ask/submit" method="post">
<form id="post-form" class="post-form" action="https://stackoverflow.co.uk/fr/questions/ask/submit" method="post">
<form id="post-form" class="post-form" action="https://beta.stackoverflow.com/questions/ask/submit" method="post">
如何指示浏览器转到页面https版本?
假设语法:
<form id="post-form" class="post-form" action="https://./questions/ask/submit" method="post">
最初302 Found是告诉用户代理去其他地方的代码.目的是浏览器只需在新位置再试一次:
POST /questions/ask/submit
302 Found
Location: /submitquestion
POST /submitquestion
不幸的是,所有浏览器都错了,并且会错误地总是GET在新位置使用:
POST /questions/ask/submit
302 Found
Location: /submitquestion
GET /submitquestion
因为浏览器弄错了,所以创建了两个新代码:
302 Found:( 旧版已弃用)在新位置再次尝试完全相同的内容; 但是旧版浏览器正在转向GET303 See Other:忘记用户正在做的事情,然后去做GET这个位置307 Temporary Redirect:在新的位置再次尝试完全相同的事情(不,严重,同样的事情 - 我没有说你可以切换到GET.如果你正在做一个,DELETE那就去吧DELETE.)例如,如果用户代理位于以下位置POST:
| Response | What agent should do | What many agents actually do |
|------------------------|-----------------------|------------------------------|
| 302 Found | POST to new Location | GET from new Location |
| 303 See Other | GET from new Location | GET from new Location |
| 307 Temporary Redirect | POST to new Location | POST to new Location |
理想情况下,可以使用一种方法307 Temporary Redirect告诉用户代理POST再次尝试安全URL:
POST /questions/ask/submit
307 Temporary Redirect
Location: https://beta.stackoverflow.com/questions/ask/submit
POST /questions/ask/submit
我可以在ASP.net中使用足够好的服务器端:
if (!Request.IsSecureConnection)
{
string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
Response.Redirect(redirectUrl);
//We don't want to send the client the deprecated 302 code, we want to use 307 telling them that we really want them to continue the POST, PUT, DELETE, etc
Response.StatusCode = (int)System.Net.HttpStatusCode.TemporaryRedirect;
Response.End();
}
但我不知道你是否可以指定一个完整的uri Location.
您可以使用 javascript 更改表单的操作:
var form = document.getElementById("post-form");
form.action = location.href.replace(/^http:/, 'https:');
但是有一些安全考虑,我建议您将表单的 url 重定向到 https。尽管您可以从 javascript 执行此操作,但在达到安全性时您永远不应信任 javascript,因此请从服务器执行此操作(它也更快,不必加载页面,只需加载 http 标头)
| 归档时间: |
|
| 查看次数: |
26841 次 |
| 最近记录: |