强制特定页面使用 HTTPS 和 angularjs [英] Forcing a specific page to use HTTPS with angularjs

问题描述

在我们的应用程序中，我们有一个要在其上使用 SSL 的付款页面，因为我们正在处理信用卡信息.我们已经为 apache 制定了重写规则，将请求重定向到特定页面到 HTTPS——它负责处理对支付页面的任何直接请求(http://oursite.com/pay).

In our application we have a payment page that we want to use SSL on because we are handling credit card information. We've already put in place rewrite rules for apache to redirect a request to the specific page to HTTPS -- which takes care of any direct requests to the payment page ( http://oursite.com/pay ).

然而，我们网站中的大多数导航是通过相对 url 和 states 使用 ui 完成的-router 在 angularjs 中，我们发现 apache 无法捕获这些请求，因此为没有 SSL 的页面提供服务.

However most navigation in our site is done via relative urls and states using ui-router in angularjs and we have found that apache does not catch these requests and so serves the page without SSL.

EX 如果用户点击带有 ui-sref='pay' 的链接 ui-router 加载模板并刷新状态 -- 任何时候都不是请求为新的 uri 制作到服务器，因此 apache 无法重定向到 https

EX If a user clicks a link with ui-sref='pay' ui-router loads the template and refreshes the state -- at no point is a request made to the server for a new uri so apache can't redirect to https

有没有办法强制 ui-router(或一般的 angular)强制某个状态使用 HTTPS，而无需更改所有链接以重新加载整个站点?

当然，这也可能是我们重写规则的一个缺点......这是我们目前所拥有的

Of course this may also be a shortcoming in our rewrite rules...Here's what we have so far

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} /pay
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^ index.html [L]

第二组规则是为我们的应用强制执行 html5mode.

The second set of rules is to enforce html5mode for our app.

RewriteCond %{REQUEST_FILENAME} !-f 到位，以便 angular 可以在不需要 SSL 的情况下获取状态的支付模板.可以吗?

RewriteCond %{REQUEST_FILENAME} !-f is in place so that angular can fetch the payment template for the state without needing SSL. Is this okay?

推荐答案

我遇到了类似的问题，尽管在 SPA 应用程序中使用了 $routeProvider.我所做的是在控制器内强制执行重定向:

I had a similar problem, although was using $routeProvider in a SPA application. What I did was to enforce a redirect inside the controller:

var forceSSL = function () {
    if ($location.protocol() !== 'https') {
        $window.location.href = $location.absUrl().replace('http', 'https');
    }
};
forceSSL();

这虽然会重新加载所有资源.但是，这种情况在切换到 SSL 模式时只会发生一次.

This though does reload all resources. However, this happens only once when switching to SSL mode.

注意，该函数实际上是在一个服务中，因此可以从任何地方调用.

Note, the function is actually in a service so can be called from anywhere.

我希望这会有所帮助.

这篇关于强制特定页面使用 HTTPS 和 angularjs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！