All geek questions in one place

Can you force an HTML form to use HTTPS for relative URLs?

I have a website on which every page is served via HTTPS. On one of the pages, I have a form whose action attribute is set to a relative URL.

The page with the form can only be accessed via HTTPS, and the page of the form’s messages can only be accessed via HTTPS, but in IE I get a security warning telling me that I am going to switch to an insecure connection. Is there a way to prevent this problem that goes beyond the full URL, including protocol, in the action attribute?

Update:

I tried hard-coding the whole url and still get a popup.

Relevant Code:

<html> <body> <form action="https://mydomain.com/editProfile"> ... </form> </body> </html>

As soon as I hit the Submit button in IE6, I get a pop-up security warning. If I click β€œOK”, the results page will be displayed and the protocol will still be HTTPS. I'm starting to wonder if this is causing a POST message, which is causing the problem.

+4
source share
2 answers

You cannot (except setting the base URL on https). According to RFC 1808 (relative URLs), a URL beginning with a scheme name is always interpreted as an absolute URL (section 4, step 2a).

(As others pointed out, relative URLs preserve the scheme, so the problem was elsewhere, perhaps with an unencrypted image or CSS file, but the question was interesting in itself.)

+6
source

Internet explorer is known for requiring no HTTP requests on the https page or a pop-up security window pops up.

Are all your links on the page linked?

Are there any hidden redirects on your web server?

Think about image files / css / javascript files, can they be restored using https?

0
source

Source: https://habr.com/ru/post/1315146/

More articles:


All Articles