302 从 HTTPS 重定向到 HTTP [英] 302 redirects from HTTPS to HTTP
问题描述
在浏览器必须从 https 站点重定向回 http 站点的情况下,是否可以使用 302(或 303)重定向来完成,而不会导致浏览器发出任何安全警报?
In a situation where a browser has to be redirected back to a http site from a https site, can this be done using a 302 (or 303) redirect without causing any security alerts from the browser?
重定向目标可能是提供 https 内容的系统的不同域,因此浏览器可能正在访问来自 https://server.domain1.com/ 现在需要重定向到 http://different.domain2.com/
The redirect target could be a different domain to the system that was providing the https content, so the browser may of been accessing pages from https://server.domain1.com/ and now needs to be redirected to http://different.domain2.com/
重定向也可能是对表单发布的响应,但不会重新发布数据.在这种情况下,浏览器是否会因为 302 重定向而发出安全警告?303 是否有助于任何安全警报?我想避免显示本质上只有一个元刷新或 javascript 函数来触发重定向的空白页面.
The redirect may also be in response to a form post, but without re-posting the data. Will browsers bring up a security warning as a result of the 302 redirect in this instance? Does 303 help with any security alerts? I'd like to avoid displaying what would essentially be a blank page with only a meta-refresh or javascript function to trigger the redirection.
在这种情况下,我一直在尝试查找浏览器列表及其对 302 和 303 的响应,但找不到任何此类列表.
I've been trying to find a list of browsers and their responses to both 302 and 303 in this situation, but can't find any such list.
推荐答案
正常将 http 重定向到 https 不应触发警告(例如在 iframe 中),但从 https 页面到 http 页面的 POST 可能会触发警告.
A normal redirect http to https should not trigger a warning (expect in iframe for example) but a POST from an https page to an http page may trigger a warning.
无论如何,您应该考虑用户的安全并使用 https,而不是试图避免合法警告.
And in any case, you should think about the safety of your users and use https rather than trying to avoid legitimate warnings.
这篇关于302 从 HTTPS 重定向到 HTTP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
