强制特定页面使用 HTTPS 和 angularjs [英] Forcing a specific page to use HTTPS with angularjs
问题描述
在我们的应用程序中,我们有一个要在其上使用 SSL 的付款页面,因为我们正在处理信用卡信息.我们已经为 apache 制定了重写规则,将请求重定向到特定页面到 HTTPS——它负责处理对支付页面的任何直接请求(http://oursite.com/pay).
In our application we have a payment page that we want to use SSL on because we are handling credit card information. We've already put in place rewrite rules for apache to redirect a request to the specific page to HTTPS -- which takes care of any direct requests to the payment page ( http://oursite.com/pay ).
然而,我们网站中的大多数导航是通过相对 url 和 states
使用 ui 完成的-router
在 angularjs 中,我们发现 apache 无法捕获这些请求,因此为没有 SSL 的页面提供服务.
However most navigation in our site is done via relative urls and states
using ui-router
in angularjs and we have found that apache does not catch these requests and so serves the page without SSL.
EX 如果用户点击带有 ui-sref='pay'
的链接 ui-router
加载模板并刷新状态 -- 任何时候都不是请求为新的 uri 制作到服务器,因此 apache 无法重定向到 https
EX If a user clicks a link with ui-sref='pay'
ui-router
loads the template and refreshes the state -- at no point is a request made to the server for a new uri so apache can't redirect to https
有没有办法强制 ui-router(或一般的 angular)强制某个状态使用 HTTPS,而无需更改所有链接以重新加载整个站点?
当然,这也可能是我们重写规则的一个缺点......这是我们目前所拥有的
Of course this may also be a shortcoming in our rewrite rules...Here's what we have so far
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} /pay
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^ index.html [L]
第二组规则是为我们的应用强制执行 html5mode.
The second set of rules is to enforce html5mode for our app.
RewriteCond %{REQUEST_FILENAME} !-f
到位,以便 angular 可以在不需要 SSL 的情况下获取状态的支付模板.可以吗?
RewriteCond %{REQUEST_FILENAME} !-f
is in place so that angular can fetch the payment template for the state without needing SSL. Is this okay?
推荐答案
我遇到了类似的问题,尽管在 SPA 应用程序中使用了 $routeProvider.我所做的是在控制器内强制执行重定向:
I had a similar problem, although was using $routeProvider in a SPA application. What I did was to enforce a redirect inside the controller:
var forceSSL = function () {
if ($location.protocol() !== 'https') {
$window.location.href = $location.absUrl().replace('http', 'https');
}
};
forceSSL();
这虽然会重新加载所有资源.但是,这种情况在切换到 SSL 模式时只会发生一次.
This though does reload all resources. However, this happens only once when switching to SSL mode.
注意,该函数实际上是在一个服务中,因此可以从任何地方调用.
Note, the function is actually in a service so can be called from anywhere.
我希望这会有所帮助.
这篇关于强制特定页面使用 HTTPS 和 angularjs的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!