在我的 yii2 应用程序中,谷歌浏览器从 https 重定向到 http
[英]Google chrome redirect from https to http in my yii2 application
问题描述
since yesterday, I have a problem with the google chrome.
从昨天开始,我的 google chrome 出现了问题。 If i submit form, chrome redirect me from https to http.如果我提交表单,chrome 会将我从 https 重定向到 http。 I'm using yii2 application function $this->redirect()我正在使用 yii2 应用程序 function $this->redirect()
Do you know how to solve this?你知道如何解决这个问题吗?
It only happens in google chrome from yesterday.它只发生在昨天的谷歌浏览器中。
Thank you very much.非常感谢。
3 个解决方案
解决方案1
2 已采纳 2020-12-15 14:15:24
Add in top of the index.php :在index.php顶部添加:
$_SERVER['HTTPS']='on';
Issue 1158169: Form is not Secure issue on new version fo chrome 问题 1158169:新版本 chrome 上的表单不是安全问题
解决方案2
0 2020-12-15 08:52:34
I don't think Chrome is the problem (or maybe it is, but you have to do something server-side for these kinds of situations).我不认为 Chrome 是问题(或者可能是问题,但你必须为这些情况在服务器端做一些事情)。 It seems to be related to your server configuration.它似乎与您的服务器配置有关。 At the end you open the form in HTTPS, submit it, and then it is on the server that you do the redirection.最后,您在 HTTPS 中打开表单,提交它,然后在服务器上进行重定向。
So, you must find out how to force the use of HTTPS, but from the server, you cannot delegate that responsibility to the browser (not entirely).因此,您必须了解如何强制使用 HTTPS,但是从服务器上,您不能将该责任委托给浏览器(不完全)。
Check this post "How to force your site to redirect to https"查看这篇文章“如何强制您的网站重定向到 https”
I don't know, maybe I'm missing something here.我不知道,也许我在这里遗漏了一些东西。 If you can detail more about what happens in that redirect please.如果您可以详细说明该重定向中发生的情况,请。
EDIT编辑
It turns out that if there are ways to force the browser to use HTTPS, and it is with HSTS.事实证明,如果有办法强制浏览器使用HTTPS,那就是用HSTS。 Thanks to Michal Hynčica.感谢 Michal Hynčica。
Check out this post What Is HSTS and How Do I Implement It?查看这篇文章什么是 HSTS 以及如何实施?
About the solution $_SERVER['HTTPS']='on'关于解决方案$_SERVER['HTTPS']='on'
Is this some kind of hack?这是某种黑客行为吗? Shouldn't this environment variable take the value automatically?这个环境变量不应该自动取值吗?
In the end there is something wrong here, because $_SERVER['HTTPS'] = 'off', or if it's not set at all, means that the request was not made over HTTPS, or it could also be that the server is behind a reverse proxy or a load balancer.最后这里有问题,因为$_SERVER['HTTPS'] = 'off',或者根本没有设置,说明请求不是通过HTTPS发出的,也可能是服务器落后了反向代理或负载均衡器。
I think this is like fooling Yii, specifically the following functions:我认为这就像在欺骗 Yii,具体如下功能:
web/Request.php
public function getIsSecureConnection()
{
if (isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1)) {
return true;
}
// Rest of the function
}
ServerRequest.php
public static function getUriFromGlobals()
{
$uri = new Uri('');
$uri = $uri->withScheme(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ? 'https' : 'http');
// Rest of the function
}
Why isn't _SERVER[“HTTPS”] set to 1? 为什么 _SERVER[“HTTPS”] 没有设置为 1?
Detecting HTTPS vs HTTP on server sending back nothing useful 在服务器上检测 HTTPS vs HTTP 发回没有用的东西
解决方案3
0 2020-12-16 22:52:20
If the redirect traffic between your load balancer and server is http ensure that the offloaded servers are have ssl enabled如果负载均衡器和服务器之间的重定向流量是 http 确保卸载的服务器启用了 ssl
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.