Sign in to follow this  

[web] linking from http:// to https://

This topic is 3676 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi, all. Say I am at a website http://foo.com/page.html which contains a form with attribute action="https://foo.com/result.php". Is the form data guaranteed to arrive encrypted? Or do you already need to be in a https connection before you hit submit?

Share this post


Link to post
Share on other sites
If the form POSTs to a https:// URL, the data will be encrypted. But users won't get a warm fuzzy feeling that it is.

It's better to host the form on https as well, at least, I've always done that.

If the web site is not performance critical and/or needs significant security, consider just moving the whole thing to https.

Mark

Share this post


Link to post
Share on other sites
In addition to what markr stated about making it all https, here's how to force https if you're using Apache and mod_rewrite:


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>

Share this post


Link to post
Share on other sites
Or rather than using mod_rewrite, use a different VirtualHost section for your HTTP site, and simply have that redirect unconditionally:


<VirtualHost whatever:80>
Redirect permanent / https://whatever/
</VirtualHost>


which is much simpler.

Mark

Share this post


Link to post
Share on other sites

This topic is 3676 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this