强制一个特定的页面使用HTTPS与angularjs [英] Forcing a specific page to use HTTPS with angularjs
问题描述
在我们的应用程序,我们有,我们要使用SSL,因为我们正在处理信用卡信息的支付页面。我们已经制定重写规则让Apache请求到指定的页面重定向到HTTPS - 这需要的任何直接请求付款页面护理(的 http://oursite.com/pay )。
In our application we have a payment page that we want to use SSL on because we are handling credit card information. We've already put in place rewrite rules for apache to redirect a request to the specific page to HTTPS -- which takes care of any direct requests to the payment page ( http://oursite.com/pay ).
然而,大多数的导航在我们的网站通过使用的状态完成> UI路由器
在angularjs,我们已经发现,Apache不捕捉这些请求,因此提供的页面没有SSL。
However most navigation in our site is done via relative urls and states
using ui-router
in angularjs and we have found that apache does not catch these requests and so serves the page without SSL.
EX如果用户点击与 UI-SREF ='工资'
UI路由器
加载模板的链接并刷新状态 - 在任何时候,是向服务器发出一个新的URI请求以便Apache不能重定向到https
EX If a user clicks a link with ui-sref='pay'
ui-router
loads the template and refreshes the state -- at no point is a request made to the server for a new uri so apache can't redirect to https
有没有办法强迫用户界面路由器(或角一般),以强制状态下使用HTTPS,而不必改变所有的链接重新加载整个网站?
当然,这也可能是我们的重写规则的缺点......这里是我们至今
Of course this may also be a shortcoming in our rewrite rules...Here's what we have so far
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} /pay
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^ index.html [L]
第二组规则是执行html5mode为我们的应用程序。
The second set of rules is to enforce html5mode for our app.
的RewriteCond%{} REQUEST_FILENAME!-f
到位,这样的角度可以获取,为国家缴纳的模板,而不需要SSL。这样行吗?
RewriteCond %{REQUEST_FILENAME} !-f
is in place so that angular can fetch the payment template for the state without needing SSL. Is this okay?
推荐答案
我也有类似的问题,虽然是在一个SPA的应用程序中使用$ routeProvider。我所做的就是强制执行控制器内的重定向:
I had a similar problem, although was using $routeProvider in a SPA application. What I did was to enforce a redirect inside the controller:
var forceSSL = function () {
if ($location.protocol() !== 'https') {
$window.location.href = $location.absUrl().replace('http', 'https');
}
};
forceSSL();
这虽然不会重新加载所有资源。但是,这种切换到SSL模式时,只发生一次。
This though does reload all resources. However, this happens only once when switching to SSL mode.
请注意,该功能实际上是在一个这样可以从任何地方调用的服务。
Note, the function is actually in a service so can be called from anywhere.
我希望这有助于。
这篇关于强制一个特定的页面使用HTTPS与angularjs的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!