Rumah > php教程 > php手册 > HTTP/HTTPS, without index.php, using htaccess, plus XHR

HTTP/HTTPS, without index.php, using htaccess, plus XHR

WBOY
Lepaskan: 2016-06-06 19:54:04
asal
3259 orang telah melayarinya

Removing index.php and forcing HTTP/HTTPS I have read many posts about people trying to force HTTPS for some views and returning to HTTP for others. I struggled with this for a while too but I think this solution is pretty solid. First of

Removing index.php and forcing HTTP/HTTPS

I have read many posts about people trying to force HTTPS for some views and returning to HTTP for others. I struggled with this for a while too but I think this solution is pretty solid.

First of all, having your base_url automatically adjust between http and https makes everything much easier. This way all your base_url() and site_url() calls have the proper protocol.

<span><span>$config[</span><span>'base_url'</span><span>] </span><span>= </span><span>"http"</span><span>.((isset(</span><span>$_SERVER[</span><span>'HTTPS'</span><span>]</span><span>) && </span><span>$_SERVER[</span><span>'HTTPS'</span><span>] </span><span>== </span><span>"on"</span><span>) ? </span><span>"s" </span><span>: </span><span>""</span><span>).</span><span>"://"</span><span>.</span><span>$_SERVER[</span><span>'HTTP_HOST'</span><span>]</span><span>.</span><span>str_replace</span><span>(</span><span>basename</span><span>(</span><span>$_SERVER[</span><span>'SCRIPT_NAME'</span><span>]</span><span>),</span><span>""</span><span>,</span><span>$_SERVER[</span><span>'SCRIPT_NAME'</span><span>]</span><span>); </span></span>

Starting with the usual htaccess file:

<span><span><span>IfModule mod_rewrite</span><span>.</span><span>c</span><span>><br>     </span><span>RewriteEngine on<br>     Options </span><span>+</span><span>FollowSymLinks<br>     RewriteBase </span><span>/<br>     <br>     </span><span>RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>f<br>     RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>d<br>     RewriteRule </span><span>^(.*)$ </span><span>index</span><span>.</span><span>php</span><span>/$</span><span>1<br> </span><span></span><span>IfModule</span><span>><br> <br> <span>IfModule </span><span>!</span><span>mod_rewrite</span><span>.</span><span>c</span><span>><br>     </span><span>ErrorDocument 404 </span><span>/</span><span>index</span><span>.</span><span>php<br> </span><span></span><span>IfModule</span><span>> </span></span></span></span>

You can then check whether HTTPS is on or not with:

<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br> RewriteCond </span><span>%</span><span>{HTTPS} on </span></span>

For example, to force HTTPS on all pages you could use the following:

<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br> RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>

To force HTTPS on some pages:

<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br> RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br> </span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>

To return back to HTTP:

<span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br> RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>

To return back to HTTP on all other pages, you need to add exceptions for the pages that are secure:

<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br> RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br> </span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br> <br> </span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br> RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br> </span><span>RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>

To avoid a partially encrypted page, you need to add exceptions for any other URIs you might use such as your images or scripts folder. I like to place everything in a folder called ‘static’ (‘static/images’, ‘static/js’, etc) so I only add one exception for that.

<span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>) </span></span>

The finished product:

<span><span><span>IfModule mod_rewrite</span><span>.</span><span>c</span><span>><br>     </span><span>RewriteEngine on<br>     Options </span><span>+</span><span>FollowSymLinks<br>     RewriteBase </span><span>/<br>     <br>     </span><span>RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>f<br>     RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>d<br>     RewriteRule </span><span>^(.*)$ </span><span>index</span><span>.</span><span>php</span><span>/$</span><span>1<br> <br>     RewriteCond </span><span>%</span><span>{HTTPS} off<br>     RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>     </span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br> <br>     </span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br>     RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>     </span><span>RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br> </span><span></span><span>IfModule</span><span>><br> <br> <span>IfModule </span><span>!</span><span>mod_rewrite</span><span>.</span><span>c</span><span>><br>     </span><span>ErrorDocument 404 </span><span>/</span><span>index</span><span>.</span><span>php<br> </span><span></span><span>IfModule</span><span>> </span></span></span></span>


HTTPS and XmlHttpRequests (Ajax)

Not only do XHR calls throw security errors when you try to load content between domains but also between HTTP and HTTPS. Secondly, the headers passed by apache allow browsers to automatically redirect but the XmlHttpRequest object does not.

To solve this you would have to add an exception for any URI that you planned on accessing from one protocol to another.

Example:

<span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>|</span><span>categories</span><span>/</span><span>get_list</span><span>|</span><span>products</span><span>/</span><span>get_types</span><span>)<br> <br> </span><span></span><span>=</span><span>site_url</span><span>(</span><span>'categories/get_list'</span><span>);</span><span>?> </span></span>

I quickly found out that this became tedious and confusing when I had a lot of requests in a secure environment. Routes to the rescue!

By adding the following to your routes file:

<span><span>$route[</span><span>'xhr/(:any)'</span><span>] </span><span>= </span><span>'$1'</span><span>; </span></span>

And adding ‘xhr’ to your list of exceptions; you can now call any URI within your application without changing protocols while still allowing the browser to view that controller using another protocol.

<span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>xhr</span><span>|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br> <br> </span><span></span><span>=</span><span>site_url</span><span>(</span><span>'xhr/categories/get_list'</span><span>);</span><span>?> </span></span>

I hope this has been helpful!

Phil

Label berkaitan:
sumber:php.cn
Kenyataan Laman Web ini
Kandungan artikel ini disumbangkan secara sukarela oleh netizen, dan hak cipta adalah milik pengarang asal. Laman web ini tidak memikul tanggungjawab undang-undang yang sepadan. Jika anda menemui sebarang kandungan yang disyaki plagiarisme atau pelanggaran, sila hubungi admin@php.cn
Cadangan popular
Tutorial Popular
Lagi>
Muat turun terkini
Lagi>
kesan web
Kod sumber laman web
Bahan laman web
Templat hujung hadapan