$ _ POST值了SSL开启后 [英] $_POST values gone after SSL turned on

问题描述

在Android中，我尝试发送到Web服务器的JSON结构。它工作正常的HTTP。但以https，$ _ POST值对都没有了。在PHP中，后续代码var_dump $ _POST返回Array（0）
然而，与HTTPGET HTTP和HTTPS效果很好。

  MyHttpClient的HttpClient =新MyHttpClient（背景）;        HttpPost httpPost =新HttpPost（URL）;
        httpPost.setEntity（新UrlEn codedFormEntity（PARAMS））;        HTT presponse HTT presponse = httpClient.execute（httpPost）;
        HttpEntity httpEntity = HTT presponse.getEntity（）;
        是= httpEntity.getContent（）;
 

解决方案

  

如果我设置HttpClientParams.setRedirecting（参数，可以假）;那么页面
  返回临时断开链接固定的

这听起来像你发送请求到一个的http：// URL和重定向（可能通过计数的mod_rewrite 或类似的，如在PHP code本身重定向的东西），把你的网页到 HTTPS 。

这种操作模式首先使普通HTTP请求到服务器，然后告诉客户端资源已移动到的https：// 地址。反过来，如果自动重定向被激活，客户端发出第二次请求。

根据 HTTP规范，对于状态codeS 301或302 的（其被用于重定向），

  

如果在301/302状态code接收到响应比其他的请求
  GET或HEAD，用户代理禁止自动重定向
  请求，除非它可以由用户来确认，否则可能
  改变已发出请求条件而定。

大多数浏览器间preT这是如果第一个请求是一个POST，不重新发送数据重定向请求，但使第二个请求GET无妨。这可以解释为什么你失去任何已发布机构第二次尝试。

请注意的是，对于在原因这个答案解释说，过度依赖重写/重定向到把一个的http：// 请求转换成的https：// 请求应该被认为是不好的做法

In android, I try to send to the web server in a json structure. It works fine with http. But with https, $_POST values pairs are gone. In PHP, var_dump $_POST returns array(0) However,HttpGet works well with both http and https.

        MyHttpClient httpClient = new MyHttpClient(context);

        HttpPost httpPost = new HttpPost(url);
        httpPost.setEntity(new UrlEncodedFormEntity(params));

        HttpResponse httpResponse = httpClient.execute(httpPost);
        HttpEntity httpEntity = httpResponse.getEntity();
        is = httpEntity.getContent();

解决方案

If I set HttpClientParams.setRedirecting(params, false); Then the page returns "Temporary broken link fixed"

It sounds like you're sending your request to an http:// URL and counting on a redirection (possibly via mod_rewrite or something similar such as a redirection in the PHP code itself) to turn your page into https.

This mode of operation first makes the plain HTTP request to the server, which then tells the client that the resource has moved to the https:// address. In turn, if the automatic redirection is activated, the client makes a second request.

According to the HTTP specification, for status codes 301 or 302 (which are used for the redirection),

If the 301/302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

Most browsers interpret this as "if the first request was a POST, don't re-send the data for the redirected request, but make the second request a GET anyway." This would explain why you lose any POSTed body for the second attempt.

Note that, for the reasons explained in this answer, over-reliance on rewrite/redirects to turn an http:// request into an https:// request should be considered bad practice.

这篇关于$ _ POST值了SSL开启后的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！