强制一个特定的页面使用HTTPS与angularjs [英] Forcing a specific page to use HTTPS with angularjs

问题描述

在我们的应用程序，我们有，我们要使用SSL，因为我们正在处理信用卡信息的支付页面。我们已经制定重写规则让Apache请求到指定的页面重定向到HTTPS - 这需要的任何直接请求付款页面护理（的 http://oursite.com/pay ）。

In our application we have a payment page that we want to use SSL on because we are handling credit card information. We've already put in place rewrite rules for apache to redirect a request to the specific page to HTTPS -- which takes care of any direct requests to the payment page ( http://oursite.com/pay ).

然而，大多数的导航在我们的网站通过使用的状态完成> UI路由器 在angularjs，我们已经发现，Apache不捕捉这些请求，因此提供的页面没有SSL。

However most navigation in our site is done via relative urls and states using ui-router in angularjs and we have found that apache does not catch these requests and so serves the page without SSL.

EX如果用户点击与 UI-SREF ='工资' UI路由器加载模板​​的链接并刷新状态 - 在任何时候，是向服务器发出一个新的URI请求以便Apache不能重定向到https

EX If a user clicks a link with ui-sref='pay' ui-router loads the template and refreshes the state -- at no point is a request made to the server for a new uri so apache can't redirect to https

有没有办法强迫用户界面路由器（或角一般），以强制状态下使用HTTPS，而不必改变所有的链接重新加载整个网站？

当然，这也可能是我们的重写规则的缺点......这里是我们至今

Of course this may also be a shortcoming in our rewrite rules...Here's what we have so far

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} /pay
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^ index.html [L]

第二组规则是执行html5mode为我们的应用程序。

The second set of rules is to enforce html5mode for our app.

的RewriteCond％{} REQUEST_FILENAME！-f 到位，这样的角度可以获取，为国家缴纳的模板，而不需要SSL。这样行吗？

RewriteCond %{REQUEST_FILENAME} !-f is in place so that angular can fetch the payment template for the state without needing SSL. Is this okay?

推荐答案

我也有类似的问题，虽然是在一个SPA的应用程序中使用$ routeProvider。我所做的就是强制执行控制器内的重定向：

I had a similar problem, although was using $routeProvider in a SPA application. What I did was to enforce a redirect inside the controller:

var forceSSL = function () {
    if ($location.protocol() !== 'https') {
        $window.location.href = $location.absUrl().replace('http', 'https');
    }
};
forceSSL();

这虽然不会重新加载所有资源。但是，这种切换到SSL模式时，只发生一次。

This though does reload all resources. However, this happens only once when switching to SSL mode.

请注意，该功能实际上是在一个这样可以从任何地方调用的服务。

Note, the function is actually in a service so can be called from anywhere.

我希望这有助于。

这篇关于强制一个特定的页面使用HTTPS与angularjs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！