Reputation: 102735
Forcing http/https: How to detect https and which status header to send when redirecting?
I've written a script to force certain sections of the site to be accessed via http or https. We want the user to be redirected to the normal http page in case they land on the https version by accident, and vice versa. So far, so good, but I have 2 questions for you guys.
What is the correct status header to send when switching protocol? I'm currently using this in both cases before redirecting:
header('HTTP/1.1 301 Moved Permanently');What is the preferred way to detect if we're using https?
// if ($_SERVER['SERVER_PORT'] == 443) /* EDIT: OK, not this? */ if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on'))Something else? Both?
Replies to comments:
We're using Apache, but if there's a universal solution that would great.
We don't want to use
.htaccessbecause the https required pages are "flagged" as such by the CMS we're using, and that this is a part of. We don't want to "hard-code" the URLs into a file.
Upvotes: 2
Views: 1899
Answers (1)
Reputation: 53830
- The
301redirect is the proper method. You cannot switch between HTTP and HTTPS mid-stream. The page must be reloaded in the client. - The second method, via
$_SERVER['HTTPS']is the preferred method. Simply ensure that your web server supports it.
Upvotes: 3
Related Questions
- PHP - How to redirect to https if available?
- Change https header 302 to 200 in PHP
- Attempting to understand the different methods used to redirect to HTTPS if the connection is plain-HTTP
- php - header location redirect: https to https, http to http
- Detecting HTTPS vs HTTP on server sending back nothing useful
- When redirecting from http to https, which status code should I use?
- http to https forwarding using php
- PHP header location to https
- PHP - Checking for http:// or https:// in form submission
- Secure redirect from HTTP to HTTPS