I have a site which has a public and a private area. The private area
should be served via HTTPS. I want to redirect once to an explicit HTTPS url, and then, using relative URLS, have all the links be secure. When the user logs out, I will explicitly link to an absolute non-secure HTTP URL.
My login form is shown a non-secure site via regular HTTP. My login form posts to https://www.mysite.com/login/validate , which loads using a secure connection.
My logs show that Apache is loading the URL via HTTPS and codeigniter is doing its validation correctly.
At the end of my controller function I redirect to /myaccount using CodeIgniter's URL helper's redirect method with a relative URL.
redirect('/myaccount');
This causes codeigniter to redirect to a non-HTTPS URL.
My config base_url is non-HTTPS:
$config['base_url'] = "http://www.mysite.com"
This is because some parts of the site are secure while others are not.
Is there a way to tell CodeIgniter to preserve HTTPS when doing relative redirects? Why is it assuming I want to go to a non-HTTPS site if the current controller was loaded via HTTPS and I am doing a relative redirect?
The desired behavior for me is that if I am doing relative redirect, it should preserve the protocol through which the current request was loaded. Instead, it is switching to what the config base_url has defined, even for relative redirects.
Use this:
$config['base_url'] = "http".((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "s" : "")."://".$_SERVER['HTTP_HOST'].str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);
Instead of this:
$config['base_url'] = "http://www.example.com"
This'll always redirect to where you want it. You don't even have to enter your domain name, just use it as is!
In addition to the above, I also autoload this helper:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
function is_https_on()
{
return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
}
function use_ssl($turn_on = TRUE)
{
$url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
if ( $turn_on )
{
if ( ! is_https_on() && $_SERVER['HTTP_HOST'] != 'localhost')
{
redirect('https://' . $url, 'location', 301 );
exit;
}
}
else
{
if ( is_https_on() )
{
redirect('http://' . $url, 'location', 301 );
exit;
}
}
}
/* End of file https_helper.php */
/* Location: ./application/helpers/https_helper.php */
With this in place, I can set my individual pages to always use HTTPS/HTTP (either in a single method in my controller, or - if I want it to affect the whole controller - in the constructor).
I simply use:
use_ssl();
at the beginning of the script, to ascertain that it is loaded via HTTPS.
Alternatively, if I only want to serve it through HTTP, I'll use:
use_ssl(FALSE);
There is no 'out of the box' way to handle this HTTPS / HTTP handoff in CI. What you CAN do is create a small helper (that you auto include) which will add a function like secure_url(), and quite simply returns what a base_url would, but https format.
You would have to emulate the same redirect function maybe as secure_redirect().
you can use a protocol-relative url which will keep persistence in the linking in CI.
in your config.php instead of:
$config['base_url'] = 'http://example.com/';
put;
$config['base_url'] = '//example.com/';
information about protocol-relative links here.
i have tested this on ie11,chrom(e|ium),firefox,midori using CI form library and basic links. all the browsers honor the specification and i have seen this used in the wild without issue.
additionally CI version 3 has a is_https function built in
you should be able to simple use is_https in your controller (eg in the construct) and redirect if not https, then useing the above method maintain http or https without constant redirections.
eg, to keep the entire controller as https, insert into your controller:
public function __construct()
{
parent::__construct();
$this->load->helper('url');
if(! is_https()){
redirect('https:'.base_url('/page'));
}
//!! $conig['base_url'] must be protocol-relative
}
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 狗以群分 的文章《Codeigniter redirect not preserving HTTPS in relat》','https://www.manongdao.com/article-564416.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}