如何POST到HTTPs? [英] How to POST to HTTPs?
问题描述
假设我有一个现在正在发表的帖子:
$ b
< form id =post-formclass =post-form
action =/ questions / ask / submitmethod =post>
您会注意到<$ c $中没有 c> action ,浏览器会跟随它从哪里获取页面。
浏览器在发布时遵循当前的域规则
如果当前页面是...则浏览器将POST到
============================ =========== =============
http://stackoverflow.com/questions/ask http://stackoverflow.com/questions/ask / submit
https://stackoverflow.com/questions/ask https://stackoverflow.com/questions/ask/submit
但是我想确保浏览器总是进入安全页面:
http://stackoverflow.com/questions/ask https://stackoverflow.com/questions/ask/submit
通常情况下,您会尝试如下所示:
< form id =post-formclass =post-form
action =https://stackoverflow.com/questions/ask/submitmethod =post>
除了需要知道托管站点的域名和虚拟路径名称(例如 stackoverflow.com )。如果网站发生了变化:
-
stackoverflow.net -
stackoverflow.com/mobile -
de.stackoverflow.com -
stackoverflow.co.uk/fr -
然后表单 action
$ b
< form id =post-form class =post-formaction =https://stackoverflow.net/questions/ask/submitmethod =post>
< form id =post-formclass =post-formaction =https://stackoverflow.com/mobile/questions/ask/submitmethod =post> ;
< form id =post-formclass =post-formaction =https://de.stackoverflow.com/questions/ask/submitmethod =post> ;
< form id =post-formclass =post-formaction =https://stackoverflow.co.uk/fr/questions/ask/submitmethod =post >
< form id =post-formclass =post-formaction =https://beta.stackoverflow.com/questions/ask/submitmethod =post> ;
如何指示浏览器转到 https 版本的页?
假设语法: b
< form id =post-formclass =post-formaction =https://./ questions / ask / submitmethod =post>
您可以使用javascript更改表单的动作:
var form = document.getElementById(post-form);
form.action = location.href.replace(/ ^ http:/,'https:');
但有一些安全考虑事项,我建议你将表单的网址重定向到https。尽管你可以用javascript来完成,但当它达到安全性时,你绝对不应该信任javascript,所以从服务器开始(它也更快,不必加载页面,只需要http头)。
Assume i have a form that right now is doing a post:
<form id="post-form" class="post-form"
action="/questions/ask/submit" method="post">
You'll notice there is no site in the action, the browser follows where it got the page from.
The browser follows current domain rules when posting
If the current page is... then the browser will POST to
======================================= =============
http://stackoverflow.com/questions/ask http://stackoverflow.com/questions/ask/submit
https://stackoverflow.com/questions/ask https://stackoverflow.com/questions/ask/submit
But I want to ensure that the browser will always go to the secure page:
http://stackoverflow.com/questions/ask https://stackoverflow.com/questions/ask/submit
Normally you would try something like:
<form id="post-form" class="post-form"
action="https://stackoverflow.com/questions/ask/submit" method="post">
Except that requires knowing the domain and virtual path name of hosting site (e.g. stackoverflow.com). If the site were changed:
stackoverflow.netstackoverflow.com/mobilede.stackoverflow.comstackoverflow.co.uk/frbeta.stackoverflow.com
then the form action would have to be updated also:
<form id="post-form" class="post-form" action="https://stackoverflow.net/questions/ask/submit" method="post">
<form id="post-form" class="post-form" action="https://stackoverflow.com/mobile/questions/ask/submit" method="post">
<form id="post-form" class="post-form" action="https://de.stackoverflow.com/questions/ask/submit" method="post">
<form id="post-form" class="post-form" action="https://stackoverflow.co.uk/fr/questions/ask/submit" method="post">
<form id="post-form" class="post-form" action="https://beta.stackoverflow.com/questions/ask/submit" method="post">
How can I instruct the browser to go to https version of a page?
Hypothetical syntax:
<form id="post-form" class="post-form" action="https://./questions/ask/submit" method="post">
you can change the form's action with javascript:
var form = document.getElementById("post-form");
form.action = location.href.replace(/^http:/, 'https:');
But there are some security considerations, and I would suggest you to redirect your form's url to https. And although you could do it from javascript, you should never trust javascript when it gets to security, so do it from the server (it's also faster, the page doesn't have to be loaded, only the http header)
这篇关于如何POST到HTTPs?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
