如何POST到HTTP?

问题描述 投票:9回答:2

假设我有一个表格,现在正在做一个帖子:

<form id="post-form" class="post-form" 
      action="/questions/ask/submit" method="post">

您会注意到action中没有站点,浏览器会跟随它获取页面的位置。

发布时,浏览器遵循当前的域规则

If the current page is...                then the browser will POST to
=======================================  =============
http://stackoverflow.com/questions/ask   http://stackoverflow.com/questions/ask/submit
https://stackoverflow.com/questions/ask  https://stackoverflow.com/questions/ask/submit

但我想确保浏览器始终转到安全页面:

http://stackoverflow.com/questions/ask   https://stackoverflow.com/questions/ask/submit

通常你会尝试这样的事情:

<form id="post-form" class="post-form" 
      action="https://stackoverflow.com/questions/ask/submit" method="post">

除此之外,需要知道托管站点的域名和虚拟路径名称(例如stackoverflow.com)。如果网站被更改:

  • stackoverflow.net
  • stackoverflow.com/mobile
  • de.stackoverflow.com
  • stackoverflow.co.uk/fr
  • beta.stackoverflow.com

那么形式action也必须更新:

<form id="post-form" class="post-form" action="https://stackoverflow.net/questions/ask/submit" method="post">

<form id="post-form" class="post-form" action="https://stackoverflow.com/mobile/questions/ask/submit" method="post">

<form id="post-form" class="post-form" action="https://de.stackoverflow.com/questions/ask/submit" method="post">

<form id="post-form" class="post-form" action="https://stackoverflow.co.uk/fr/questions/ask/submit" method="post">

<form id="post-form" class="post-form" action="https://beta.stackoverflow.com/questions/ask/submit" method="post">

如何指示浏览器转到https版本的页面?

假设语法:

<form id="post-form" class="post-form" action="https://./questions/ask/submit" method="post">

302, 303, 307

最初302 Found是告诉用户代理去其他地方的代码。目的是浏览器只需在新位置再试一次:

POST /questions/ask/submit

302 Found
Location: /submitquestion

POST /submitquestion

不幸的是,所有浏览器都错了,并且错误地总是在新位置使用GET

POST /questions/ask/submit

302 Found
Location: /submitquestion

GET /submitquestion

因为浏览器弄错了,所以创建了两个新代码:

  • 302 Found :(遗产已弃用)在新位置再次尝试完全相同的事情;但是旧版浏览器正在转向GET
  • 303 See Other:忘记用户正在做的事情,然后在这个地方做一个GET
  • 307 Temporary Redirect:在新的位置再次尝试完全相同的事情(不,严重,同样的事情 - 我没有说你可以切换到GET。如果你正在做一个DELETE然后去DELETE它在这里。)

例如,如果用户代理位于POST的中间:

| Response               | What agent should do  | What many agents actually do |
|------------------------|-----------------------|------------------------------|
| 302 Found              | POST to new Location  | GET from new Location        |
| 303 See Other          | GET from new Location | GET from new Location        |
| 307 Temporary Redirect | POST to new Location  | POST to new Location         |

理想情况下,有一种方法可以使用307 Temporary Redirect告诉用户代理再次在安全URL上尝试POST

POST /questions/ask/submit

307 Temporary Redirect
Location: https://beta.stackoverflow.com/questions/ask/submit

POST /questions/ask/submit

我可以在ASP.net中使用足够好的服务器端:

if (!Request.IsSecureConnection)
{
   string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
   Response.Redirect(redirectUrl);

   //We don't want to send the client the deprecated 302 code, we want to use 307 telling them that we really want them to continue the POST, PUT, DELETE, etc
   Response.StatusCode = (int)System.Net.HttpStatusCode.TemporaryRedirect;     
   Response.End();
}

但我不知道你是否可以在Location中指定一个完整的uri。

html google-chrome internet-explorer-9
2个回答
3
投票

你可以用javascript更改表单的动作:

var form = document.getElementById("post-form");
form.action = location.href.replace(/^http:/, 'https:');

但是有一些security considerations,我建议你将表单的URL重定向到https。虽然你可以从javascript中做到这一点,但是当它获得安全性时你永远不应该信任javascript,所以从服务器做它(它也更快,页面不必加载,只有http头)

0
投票

您最好确保如果用户已登陆您的http页面,您将其重定向到https等效项。在你的 :

<script>
if ((window.location.href.substring(0, 8) != "https://") {
  window.location = location.href.replace(/^http:/, 'https:');
}
</script>
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.