www.webdeveloper.com
Results 1 to 4 of 4

Thread: Make a link https without full url?

  1. #1
    Join Date
    Nov 2010
    Posts
    67

    Make a link https without full url?

    I am using relative paths for my URL's, so
    <a href="somefile.php">somefile</a>

    My domain can be access by
    http://mydomain.com
    http://www.mydomain.com
    https://mydomain.com
    https://www.mydomain.com

    So without always specifying the entire URL, how can I make a link HTTPS and other links regular HTTP?

    In other words if im on an HTTPS page, I do not want my relative path links to also be HTTPS (id rather it only be the registration page). On top of that, if I include the entire URL then it may send the user to the www version or virse-versa <- and if I changed the domain name it would be a nightmare)

    So I guess what im asking is how can I make a page HTTPS without specifying the entire URL?

  2. #2
    Join Date
    Sep 2011
    Location
    Bristol, England, United Kingdom
    Posts
    192
    On the target page you can use something like:

    PHP Code:
    if($_SERVER['HTTPS'] != "on")
    {
        
    $redirect "https://" $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        
    header("Location: $redirect");

    This will force the page to become HTTPS. You can also alter the condition and force HTTP.

  3. #3
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    Quote Originally Posted by George88 View Post
    On the target page you can use something like:

    PHP Code:
    if($_SERVER['HTTPS'] != "on")
    {
        
    $redirect "https://" $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        
    header("Location: $redirect");

    This will force the page to become HTTPS. You can also alter the condition and force HTTP.
    This is a good solution if you're not concerned about sending the initial request in plain text. My recommendation would be run everything over SSL: install the above in all pages (in your template or whatever) and use relative links for everything.

    No need to worry about switching between HTTP and HTTPS. You drastically reduce the odds of leaking a session cookie or set of credentials through a random insecure request. And the overhead of performing the encryption is far less significant than it used to be.

  4. #4
    Join Date
    Jun 2006
    Location
    Boston, MA
    Posts
    383
    you should just be able to use '//' without 'https:'. for example: //webdeveloper.com.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles