如何在没有烦人的错误消息的情况下从 HTTPS 重定向到 HTTP | 如何在没有烦人的错误消息的情况下从

本文介绍了如何在没有烦人的错误消息的情况下从 HTTPS 重定向到 HTTP的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我想在 HTTPS 登录后将用户重定向到站点上的 HTTP 页面.不会在整个网站上使用 HTTPS.

到目前为止我所拥有的是以下内容:

用户将登录表单发布到安全站点
- 安全服务器验证凭据
- 安全服务器向客户端发送 302 重定向

这有效，除了在我的 IE6 机器上，用户收到一条错误消息，因为默认设置是在退出安全页面时发出警告.这些错误对我来说是可用性杀手，因此是个大麻烦.我改变了它，以便第 3 步是

服务器发送带有元刷新的 html 代码

但这很慢；即使在我的本地机器上，它也明显比 302 重定向慢.

是否有更好的方法来实现对人们使用的标准设置进行轻松重定向的目标?IE6 占我们流量的 20%-25%.另外，有没有人有关于哪些浏览器会警告哪些浏览器不会对 302 重定向发出警告的任何好的信息?我正在考虑将 IE6 列入黑名单，以便只有它获得缓慢的元刷新，而其他所有人都获得快速的 302.

解决方案

我会做类似的事情.还在正文中包含一个纯 HTML 链接以方便访问.

请注意，其他一些浏览器确实会发出类似的关于离开 HTTPS 站点的警告，但在他们的情况下，它会伴随一个(通常预先打勾)不要再问我"按钮.因此，当他们到达您的网站时，他们几乎肯定会告诉该警告消失.这并没有使警告变得不那么毫无意义，但至少可以缓解问题.

安全服务器向客户端发送 302 重定向

您不应该响应 POST 302.一个认真对待 HTTP RFC 的理论浏览器可能会通过将表单重新发布到新 URL 来对此做出响应.(具有讽刺意味的是，这将使 IE6 关于信息被重新传输到非安全站点"的警告不再具有误导性.)改为使用303 查看其他".

I want to redirect users, after HTTPS login, to the HTTP pages on the site. Using HTTPS for the whole site is not going to happen.

What I have so far is the following:

User posts the login form to the secure site
- The secure server validates the credentials
- The secure server sends a 302 redirect to the client

This works, except on my machine in IE6 the user gets an error message because the default is to warn when exiting a secure page. These errors are a usability killer for me and thus a showstopper. I changed it so that step 3 is

Server sends html code with a meta refresh

But this is very slow; even on my local machine it's noticeably slower than doing the 302 redirect.

Is there a better way to accomplish the goal of a hassle-free redirection on standard settings that people use? IE6 represents 20%-25% of our traffic. Also, does anyone have any good info about which browsers will warn and which won't warn for the 302 redirect? I am considering black-listing IE6 so that only it gets the slow meta refresh and everyone else gets the fast 302.

解决方案

I would do something like that. Also include a plain HTML link in the body for accessibility.

Note that some other browsers do give a similar warning about leaving an HTTPS site, but in their case it is accompanied by a (generally pre-ticked) "don't ask me again" button. So by the time they get to your site they will almost certainly have told that warning to disappear. This doesn't make the warning less pointless, but at least it alleviates the problem.

You shouldn't 302 in response to POST. A theoretical browser that took the HTTP RFC seriously might respond to that by re-POSTing the form to the new URL. (Which, ironically, would make IE6's warning about information "being retransmitted to a nonsecure site" less misleading.) Instead use "303 See other".

这篇关于如何在没有烦人的错误消息的情况下从 HTTPS 重定向到 HTTP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！