您是否可以强制HTML表单将HTTPS用于相对URL? [英] Can you force an HTML form to use HTTPS for relative URLs?
问题描述
我有一个网站,其中每个页面都通过HTTPS提供。在其中一个页面上,我有一个表单,其action属性设置为相对URL。
I have a website in which every page is served via HTTPS. On one of the pages I have a form whose action attribute is set to a relative URL.
带表单的页面只能通过HTTPS和表单页面访问帖子只能通过HTTPS点击,但在IE中我得到一个安全警告,告诉我我将要切换到不安全的连接。除了将包含协议的完整URL编入表单的action属性之外,还有什么办法可以防止这个问题吗?
The page with the form can only be accessed via HTTPS and the page the form posts to can only be hit via HTTPS, yet in IE I get a security warning telling me I'm about to switch to an insecure connection. Is there any way to prevent this problem beyond codding the full URL including the protocol into the form's action attribute?
更新:
我尝试对整个网址进行硬编码,但仍然会弹出。
I tried hardcoding the entire URL and still I get the pop-up.
相关代码为:
<html>
<body>
<form action="https://mydomain.com/editProfile">
...
</form>
</body>
</html>
当我点击IE6中的提交按钮时,我会收到一个安全警告弹出窗口。如果单击确定,将显示结果页面,协议仍为HTTPS。我开始怀疑它是否是导致问题的表单POST。
As soon as I click the submit button in IE6 I get a security alert pop-up. If I click ok, the result page is displayed and the protocol is still HTTPS. I'm starting to wonder if it is the form POST that's causing the issue.
推荐答案
你不能(除了设置https的基本URL)。根据 RFC 1808 (相对URL),以方案名称开头的URL始终被解释为绝对URL(第4节,第2a步)。
You can't (other than setting the base URL to https). According to RFC 1808 (relative URLs), an URL starting with a scheme name is always interpreted as an absolute URL (section 4, step 2a).
(正如其他人所指出的,相对URL保留了方案,所以问题出在其他地方,可能是未加密的图像或CSS文件,但是问题本身就很有趣。)
(As others pointed out, relative URLs keep the scheme, so the problem was elsewhere, probably with an unencrypted image or CSS file, but the question was interesting in its own right.)
这篇关于您是否可以强制HTML表单将HTTPS用于相对URL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
