您可以强制 HTML 表单对相对 URL 使用 HTTPS 吗?
我有一个网站,其中每个页面都通过 HTTPS 提供服务。在其中一个页面上,我有一个表单,其操作属性设置为相对 URL。
包含表单的页面只能通过 HTTPS 访问,表单发布到的页面只能通过 HTTPS 访问,但在 IE 中,我收到一条安全警告,告诉我即将切换到不安全的连接。除了将包含协议的完整 URL 编码到表单的操作属性中之外,还有什么方法可以防止此问题吗?
更新:
我尝试对整个 URL 进行硬编码,但仍然出现弹出窗口。
相关代码是:
<html>
<body>
<form action="https://mydomain.com/editProfile">
...
</form>
</body>
</html>
在 IE6 中单击提交按钮后,我会弹出安全警报。如果我单击“确定”,则会显示结果页面,并且协议仍然是 HTTPS。我开始怀疑是否是 POST 表单导致了问题。
I have a website in which every page is served via HTTPS. On one of the pages I have a form whose action attribute is set to a relative URL.
The page with the form can only be accessed via HTTPS and the page the form posts to can only be hit via HTTPS, yet in IE I get a security warning telling me I'm about to switch to an insecure connection. Is there any way to prevent this problem beyond codding the full URL including the protocol into the form's action attribute?
Update:
I tried hardcoding the entire URL and still I get the pop-up.
The relevant code is:
<html>
<body>
<form action="https://mydomain.com/editProfile">
...
</form>
</body>
</html>
As soon as I click the submit button in IE6 I get a security alert pop-up. If I click ok, the result page is displayed and the protocol is still HTTPS. I'm starting to wonder if it is the form POST that's causing the issue.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您不能(除了将基本 URL 设置为 https 之外)。根据 RFC 1808(相对 URL),以方案名称开头的 URL 始终被解释为绝对 URL(第 4 节,步骤 2a)。
(正如其他人指出的,相对 URL 保留了该方案,因此问题出在其他地方,可能是未加密的图像或 CSS 文件,但问题本身很有趣。)
You can't (other than setting the base URL to https). According to RFC 1808 (relative URLs), an URL starting with a scheme name is always interpreted as an absolute URL (section 4, step 2a).
(As others pointed out, relative URLs keep the scheme, so the problem was elsewhere, probably with an unencrypted image or CSS file, but the question was interesting in its own right.)
Internet Explorer 因要求 https 页面中没有 http 请求或弹出安全弹出窗口而臭名昭著。
页面中的所有链接都是相对的吗?
您的网络服务器中没有隐藏的重定向吗?
想想图片/css文件/javascript文件,它们都可以使用https检索吗?
Internet explorer is notorious for demanding that there are NO http requests in your https page or the security popup pops up.
Are all your links in the page relative?
Are there no hidden redirects in your webserver?
Think about pictures/css files/javascript files, can they all be retrieved using https?