在 cakephp ssl 站点中重定向到 http 而不是 https

发布于 2024-10-08 00:15:09 字数 518 浏览 1 评论 0原文

我开发了一个 cakephp 网站，所有页面都应使用 ssl。它按预期工作，除了当我在控制器中使用重定向时，它重定向到 http://subdomain.domain.com 而不是 https://subdomain.domain.com/controller/action。

我通过为指向 cakephp 应用程序的端口 80 创建虚拟主机并在 .htaccess

RewriteCond %{HTTPS} off 中添加这些重写规则解决了这个问题 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]

这可以捕获这种情况并重定向到 https，但是这会给服务器带来不必要的额外流量。

造成这种额外流量的原因是重定向功能，因为它会生成错误的网址。我研究了重定向函数，它调用 router::url 来创建实际的 url。但是我无法弄清楚如何或在哪里指示路由器使用 https 而不是 http。

蒂姆

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

一梦浮鱼 2024-10-15 00:15:09

我做了一些猜测，但我怀疑正是这个 RewriteRule 将事情搞砸了。

您应该“重定向”而不是“重写”。 Cake 生成的链接通常是相对于根的，因此不要指定协议，除非您传递“true”作为第二个参数。

我还让 apache 监听 80 和 443，这样我至少可以响应不正确的请求。

这是我在 AppController 类中执行相同操作的代码：

function beforeFilter() {
    parent::beforeFilter();
    $this->_setupSecurity();
}

function _setupSecurity() {
    $this->Security->blackHoleCallback = '_badRequest';
    if(Configure::read('forceSSL')) {
        $this->Security->requireSecure('*');
    }
}

/**
* The main SecurityComponent callback.
* Handles both missing SSL problems and general bad requests.
*/

function _badRequest() {
    if(Configure::read('forceSSL') && !$this->RequestHandler->isSSL()) {
        $this->_forceSSL();
    } else {
        $this->cakeError('error400');
    }
    exit;
}

/**
* Redirect to the same page, but with the https protocol and exit.
*/

function _forceSSL() {
    $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    exit;
}

我在 bootstrap.php 中也有自己的配置“forceSSL”选项，用于根据环境打开和关闭此选项，因此需要将其设置为 true以上工作。

I'm taking a bit of a guess, but I suspect it is this very RewriteRule that's messing things up.

You should be "redirecting" not "rewriting". Cake's generated links are usually relative to the root, so don't specify a protocol unless you pass "true" as the second parameter.

I also have apache listening on both 80 and 443 so that I can at least respond to incorrect requests.

This is the code I have in my AppController class to do the same thing:

function beforeFilter() {
    parent::beforeFilter();
    $this->_setupSecurity();
}

function _setupSecurity() {
    $this->Security->blackHoleCallback = '_badRequest';
    if(Configure::read('forceSSL')) {
        $this->Security->requireSecure('*');
    }
}

/**
* The main SecurityComponent callback.
* Handles both missing SSL problems and general bad requests.
*/

function _badRequest() {
    if(Configure::read('forceSSL') && !$this->RequestHandler->isSSL()) {
        $this->_forceSSL();
    } else {
        $this->cakeError('error400');
    }
    exit;
}

/**
* Redirect to the same page, but with the https protocol and exit.
*/

function _forceSSL() {
    $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    exit;
}

I also have my own config 'forceSSL' option in bootstrap.php for turning this on and off depending on the environment, so that needs to be set to true for the above to work.

回复收藏 0 原文

余生再见 2024-10-15 00:15:09

我发现这个错误是 Apache 配置错误。

尝试 Jamies 解决方案时，该站点最终陷入重定向循环，因为即使请求是 https，RequestHandler->isSSL()也会返回 false。然后我发现 $_SERVER['https'] 未设置，并且 $_SERVER['port'] 为 80，而不是预期的 443。

此时我已将 ssl 指令放置在 site-available/default 中，

SSLEngine on
SSLCertificateFile [path to cert file]
SSLCertificateKeyFile [path to keyfile]

将 ssl 指令移至子域的虚拟主机通过重定向循环解决了该问题。

实际上也解决了我最初的问题，因为方法 Router::url 检查 $_SERVER['https'] 如果设置它会生成一个以 https 开头的 url：否则只是 http：

我已经使用重写规则测试了 Jameies 解决方案和我自己的解决方案在 .htaccess 中，修复后它们都按预期工作。

蒂姆

I found the error it was a misconfiguration of Apache.

Trying out Jamies solution, the site ended up in a redirect loop, because RequestHandler->isSSL() returned false even if the request was https. I then discovered that the $_SERVER['https'] was not set and the $_SERVER['port'] was 80, not 443 as expected.

At that point I have placed my ssl directives in sites-available/default,

SSLEngine on
SSLCertificateFile [path to cert file]
SSLCertificateKeyFile [path to keyfile]

Moving the ssl directives to the virtual host for the subdomain resolved the issue, with redirect loops.

Actually is also solved my initial problem because the method Router::url checks for $_SERVER['https'] if set it generates a url that starts with https: otherwise just http:

I have tested both Jameies solution and my own with rewrite rules in .htaccess and they both work as expected after the fix.

Tim

回复收藏 0 原文

旧人九事 2024-10-15 00:15:09

它的例子已经在CookBook中提到过
http://book.cakephp.org/2.0 /en/core-libraries/components/security-component.html#usage

class AppController extends Controller {
    // Add security component
    public $components = array('Security');

    public function beforeFilter() {
        $this->Security->blackHoleCallback = 'forceSSL';
        $this->Security->requireSecure();
    }

    // Add this function in your AppController
    public function forceSSL() {
        return $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    }
}

Its example is already mentioned in the CookBook
http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#usage

class AppController extends Controller {
    // Add security component
    public $components = array('Security');

    public function beforeFilter() {
        $this->Security->blackHoleCallback = 'forceSSL';
        $this->Security->requireSecure();
    }

    // Add this function in your AppController
    public function forceSSL() {
        return $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    }
}

回复收藏 0 原文

~没有更多了~