Re: Force use of HTTPS

S . Isaac Dealey Wed, 24 Nov 2004 08:24:59 -0800

just as an fyi, using 'window.location = ' has a tendancy to muck with
people's back-buttons -- which they complain about often... There is
however an alternative which works with most browsers dating back to
NS 3 which is location.replace() ... so you might consider this
modification:


if (typeof location.replace == 'undefined')
  { ... original code snippet ... }
else {
  location.replace('https://'
    + location.host
    + location.pathname
    + location.search);
}

This function behaves the same way as cflocation with regard to
preserving the back-button by replacing the current page in the
browser's history stack instead of appending to the history.

> I use IIS and did this sitewide by moding the 403.4 error
> page in IIS.
>  I added this to the 403.4 error template

> <SCRIPT LANGUAGE="JavaScript">
> if (location.protocol != 'https:'){
>      window.location= 'https://' + location.host +
>      location.pathname +
> location.search
> }
> </SCRIPT>

> Doug


> On Tue, 23 Nov 2004 23:38:03 -0700, Jim McAtee
> <[EMAIL PROTECTED]> wrote:
>> You'll probably also want to append the query_string (url
>> variables).
>>
>> <cfif cgi.server_port neq 443>
>>   <cfset redir = "https://"; & cgi.http_host &
>>   cgi.path_info>
>>   <cfif Len(cgi.query_string)>
>>     <cfset redir = redir & "?" & cgi.query_string>
>>   </cfif>
>>   <cflocation url="#redir#">
>> </cfif>
>>
>>
>>
>>
>> ----- Original Message -----
>> From: "Patricia Lee" <[EMAIL PROTECTED]>
>> To: "CF-Talk" <[EMAIL PROTECTED]>
>> Sent: Tuesday, November 23, 2004 11:10 PM
>> Subject: Re: Force use of HTTPS
>>
>> > Would this help?
>> >
>> > <cfif cgi.SERVER_PORT NEQ "443">
>> >  <cfset redir = 'Https://' & HTTP_HOST & PATH_INFO>
>> >  <cflocation url="#redir#" addtoken="No">
>> > </cfif>
>> >
>> >> Hi again - how do I force hte use of HTTPS pages ? I
>> >> can force the flow
>> >> of
>> >> pages with <cflocation> tags, but I want to stop a
>> >> user just typing in
>> >> the
>> >> URL as HTTP ? Thanks


s. isaac dealey   954.927.5117

new epoch : isn't it time for a change?

add features without fixtures with
the onTap open source framework
http://www.sys-con.com/story/?storyid=44477&DE=1
http://www.sys-con.com/story/?storyid=45569&DE=1
http://www.fusiontap.com




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net
http://www.cfhosting.net

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185313
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Force use of HTTPS

Reply via email to