[nycphp-talk] Switching Forth and Back Between HTTP and HTTPS
Michael B Allen
ioplex at gmail.com
Sun Aug 10 22:46:38 EDT 2008
On Sun, Aug 10, 2008 at 9:21 PM, John Campbell <jcampbell1 at gmail.com> wrote:
> On 8/10/08, Michael B Allen <ioplex at gmail.com> wrote:
>> if ($scheme) {
>> header('Location: ' . rebuild_url_with_new_scheme($scheme));
>> exit();
>> }
>
>
> The code above won't always work because if the request is a post
> request, the post data will not get passed to the https url. I think
> the http spec says it is supposed to, but in reality the POST data is
> not sent to the redirected location. Maybe the thing to do is throw a
> 404 if post data is sent to a script that requires ssl.
True. But POST-ing while also transitioning between HTTP and HTTPS is
not terribly common.
> I would also use a 301 redirect in this case.
Why is that exactly? I think I agree with you, but I just want to make
sure I know why 301 would be better.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the talk
mailing list