如何在使用相对URL来改变HTTP / HTTPS协议 [英] How to change http/https Protocol while using relative URL

问题描述

相关协议的URL的不的什么我要找的。我在寻找的绝对指定协议（http和https），同时保持相对URL的主机名的方式。

Protocol-relative URLs aren't what I'm looking for. I'm looking for a way of absolutely specifying a protocol (http vs https) while keeping the host name of the url relative.

给定一个相对URL，如/ SearchForStuff我希望能够指定一个不同的协议HTTPS与HTTP等，而无需指定主机名/域名。

Given a relative URL such as "/SearchForStuff" I want to be able to specify a different protocol "https vs. http" etc. without having to specify a host/domain name.

我们的网站上有我们跨越我们网站上的每个页面的顶部显示标题局部视图。该网站上的某些网页是HTTP的，有些是HTTPS。报头包含了站点范围内的搜索文本框和按钮。该网站的搜索结果页面是使用HTTP总是提供的，所以我们希望表单动作指向一个相对路径，/查找。但是，我们希望相同的标题，以我们的许多内部测试服务器（10.10.10.123等），以及我们面向公众的服务器（www.publicfacingserver.com）上工作，最好在不改变头部局部视图的内容。所以基本上我正在寻找的是指定一个协议，用于搜索行动，同时保持相对的服务器/主机名的方式。

Our site has a header partial view which we display across the top of every page on our site. Some pages on the site are http and some are https. The header contains a textbox and button for site-wide search. The site search results page is always provided using http, so we want the form action to point to a relative path, "/find". However, we want the same header to work on our many internal test servers (10.10.10.123 etc.) as well as our public facing server ("www.publicfacingserver.com"), ideally without changing the content of the header partial view. So essentially what I'm looking for is a way of specifying a protocol for the search action while keeping the server/host name relative.

目前，以确保它是不可能的用户从安全网页链接到的网站的搜索结果的安全页面，我们硬code用于网站搜索的动作绝对URL，完成协议和主机名，例如http://www.publicsite.com/find。问题是，点击一个测试服务器上的动作您重定向到我们的面向公众的网站。因此对于测试，我们手动修改我们的hosts文件测试服务器的IP地址，等于我们的面向公众的网站的名称。这使得有些认知负担自己作为开发者，也需要我们去参观谁，我们希望测试我们的网站来配置他们的主人之前测试文件，任何非编码的人的计算机和测试之后去配置改变自己的hosts文件。

Currently, to ensure that it is not possible for a user to link from a secured page to a secured page of site search results, we hard-code the absolute url of the action used for site search, complete with the protocol and host name, such as "http://www.publicsite.com/find". The problem is that clicking on that action on a test server redirects you back to our public-facing site. So for testing, we make manual edits to our hosts file for the test server's IP address to equal our public facing site name. This puts a bit of cognitive burden on ourselves as developers, and also requires us to visit the computer of any non-coding person who we wish to test our site to configure their hosts file prior to testing, and after testing to de-configure the changes to their hosts file.

下code是最好的解决方案，我想出了。有谁知道一个更好的办法？如果我的解决办法是适当的，它产生任何安全漏洞？我看不出它如何能，因为如果恶意用户伪造请求到我们的面向公众的IP地址，X，但与主机头的主机名而没有相匹配的IP地址，这只会导致靠不住的网址被提供回给同一用户。换句话说，我不明白怎么会有人通过其他网站，或任何类似的留言板上张贴URL中使用它来创建一个XSRF漏洞：

The code below is the best solution I have come up with. Does anyone know of a better way? If my solution is adequate, does it create any security vulnerabilities? I don't see how it could, since if a malicious user were to forge a request to our public facing IP address X but with a host name in the host header which did not match that IP address, this would only result in wonky URLs being provided back to the same user. In other words, I don't see how anyone could use this to create an XSRF exploit by posting a URL in a message board on another site, or anything similar:

public static string CurrentHostName(this UrlHelper helper, HttpProtocol protocol)
{
    var result = string.Empty;

    if (protocol == HttpProtocol.Secure) result += "https://";
    if (protocol == HttpProtocol.UnSecure) result += "http://";
    if (protocol == HttpProtocol.Current) result += HttpContext.Current.Request.Url.Scheme;

    result += HttpContext.Current.Request.Url.Host;

    if (HttpContext.Current.Request.Url.Port != 80) result += ":" + HttpContext.Current.Request.Url.Port.ToString();

    return result;
}

HttpProtocol是一个枚举，我创造了自己。

HttpProtocol is an enum that I created myself.

谢谢！

推荐答案

我觉得你问的URL格式的主机的相对的，而该协议的亲戚。我不认为这是可能使用任何标准的URL格式。例如，http：/路径/文件名不适合这方面的工作。

I think you're asking for a URL format that's host relative rather that protocol relative. I don't think that's possible using any standard url formatting. For instance, http:/path/filename does not work for this.

这篇关于如何在使用相对URL来改变HTTP / HTTPS协议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！