发表新帖
发表新帖

How to redirect from HTTPS to HTTP without annoying error messages

后端 未结
关注
3 1604
無奈伤痛
無奈伤痛 2020-12-13 19:49

I want to redirect users, after HTTPS login, to the HTTP pages on the site. Using HTTPS for the whole site is not going to happen.

What I have so far is the followi

相关标签:
3条回答
  • 忘掉有多难
    2020-12-13 19:56

    I am considering black-listing IE6 so that only it gets the slow meta refresh and everyone else gets the fast 302.

    I would do something like that. Also include a plain HTML link in the body for accessibility.

    Note that some other browsers do give a similar warning about leaving an HTTPS site, but in their case it is accompanied by a (generally pre-ticked) “don't ask me again” button. So by the time they get to your site they will almost certainly have told that warning to disappear. This doesn't make the warning less pointless, but at least it alleviates the problem.

    1. The secure server sends a 302 redirect to the client

    You shouldn't 302 in response to POST. A theoretical browser that took the HTTP RFC seriously might respond to that by re-POSTing the form to the new URL. (Which, ironically, would make IE6's warning about information “being retransmitted to a nonsecure site” less misleading.) Instead use “303 See other”.

    0 讨论(0)
  • 太阳男子
    2020-12-13 20:01

    I don't think there's any other way. That error message is for the user's benefit, and is present in IE 7 and Firefox 3 now as well. The only way that I know of to prevent it is to add your site as trusted within the browser.

    Update: Oh, so it's not the mixed content error. I know which one you mean, though I still don't think you can disable the error. Generally, security errors are for the users benefit to protect them from potentially dangerous sites, and as such, cannot be disable by the (potentially unsafe) website itself.

    0 讨论(0)
  • 迷失自我
    2020-12-13 20:05

    Reviving an old topic , but to make it compelete posting the following so other devs can have a choice of implementation

    One way of moving bettween https to http without a warning message is to use client redirect using javascript.

    Steps

    1. User enters login details on a https form and click on login button
    2. login button will post back to https form for login validation ( assuming login is correct) will redirect to a holding page which is also under https and displays the message ( please wait while the site redirects you)
    3. This holding page does a javascript redirect to the http page

    no browser warning message will be displayed

    HTH

    0 讨论(0)
 看不清?
提交回复
热议问题