如何防止从https：//到http：//的意外重定向 [英] How to prevent unexpected redirects from https:// to http://

问题描述

我在cloudControl上运行一个使用CakePHP（1.3）开发的Web应用程序。

I'm running an web application that I developed using CakePHP(1.3) on cloudControl.

使用他们的搭载SSL，我可以通过 https：// ，但所有重定向转到 http：// 。

Using their piggyback SSL, I can access the app fine via https:// but all redirects go to http://.

如果我手动更改网址，我可以通过 https：// 访问所有内容，但这只会持续到下次发布重定向，然后我返回 http：// 。

If I manually change the url, I can access everything via https:// but this only persists until the next time a redirect is issued, and then I'm back on http://.

这不会发生在我的本地环境中，所以我想知道它是否与cloudControl或搭载SSL有关。

This doesn't happen in my local environment, so I'm wondering if it's something to do with cloudControl, or the piggyback SSL.

如何防止意外地从 https：// 重定向到 http：//

How can I prevent being unexpectedly redirected from https:// to http://?

推荐答案

定义FULL_BASE_URL

cloudController的负载平衡器可能监听https请求并通过http将它们转发到您的应用程序服务器 - 可能会设置一个 X-Forwaded-Proto 头。这是一个典型的设置，所以只有外部请求承担ssl加密的开销。

Define FULL_BASE_URL

The load balancer of cloudController probably listens to https requests and forwards them to your application server over http - possibly setting a X-Forwaded-Proto header. This is a typical setup so that only the external request bears the overhead of ssl encryption.

因为它实际上是在服务器接收的http连接，任何绝对urls生成的路由器，例如发出重定向时，将默认使用 http：// ，而不是 https：//

Because it's actually on a http connection that the server receives, any absolute urls generated by the router, such as when a redirect is issued, will use http:// by default, and not https://, as that is the protocol by which the application server is being accessed.

要覆盖此项，请定义用作应用程序绝对根目录的网址，以便它用于所有绝对网址。

To override this, define the url to use as the absolute root of the app so that it is used for all absolute urls.

ie将以下内容放在应用程序引导中：

i.e. put the following in the application bootstrap:

define('FULL_BASE_URL', 'https://example.com');

这篇关于如何防止从https：//到http：//的意外重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！