如何在PHP中使网站在HTTP和HTTPS中都能工作?
[英]How to make a website in PHP work both in HTTP and HTTPS?
问题描述
I have a website that was written assuming http:// is one and only protocol forever. 
我有一个网站,假设http://是永远的唯一协议。 Now i bought a SSL certificate but when i visit site calling it with https:// i get info in browsers that part of site is insecure. 现在,我购买了SSL证书,但是当我访问使用https://调用它的网站时,我在浏览器中获得了该网站部分不安全的信息。 As i found i have some JS, CSS and images and files that i refer to using http:// in the HTML of the site. 当我发现我有一些JS,CSS,图像和文件时,我在网站的HTML中使用http://来引用。
So what is best practice to enable full https? 那么启用完整https的最佳实践是什么? Should i change my website in every place when i refer to image, CSS or JS, check if site was loaded with http or https and load the resource with according protocol? 当我引用图像,CSS或JS时,是否应该在每个地方更改网站,检查网站是否加载了http或https,并根据协议加载了资源? It seems like a lot of work for me and bit error prone. 这对我来说似乎需要大量工作,并且容易出错。 Is there any other way, easier to make the whole site fully secure? 还有其他方法可以更轻松地使整个站点完全安全吗?
4 个解决方案
解决方案1
3 已采纳 2011-09-17 20:20:50
与其使用http://yoursite.com/css/file.css链接到CSS,js和图像,不如使用/images/image.jpg和/css/file.css之类的相对路径,这样它将与包括http和https,而且如果您更改域或将内容复制到另一个域,也不必更改所有这些链接。
解决方案2
1 2011-09-17 20:22:44
Use relative paths. 使用相对路径。 If you are pointing to something that is on the same site as yours, then you should not be using http:// 如果您要指向与您位于同一网站上的内容,则不应使用http://
If for some reason you still need to have http:// then just switch them all to https://. 如果由于某种原因您仍然需要http://,则只需将它们全部切换为https://。 An http:// will never complain because it is pointing to https:// stuff, but an https:// page will complain if it is pointing to non-https stuff. http://永远不会抱怨,因为它指向https://东西,但是如果https://页面指向非https东西,它将抱怨。
If you are pointing to content outside of your control, on another site for example, then you need to hope that you can get at that content via https instead. 如果您指向的内容超出了您的控制范围,例如在另一个站点上,那么您希望希望可以通过https来获取该内容。 If you can't, then you're hosed and you either need to live with the error, get the content from somewhere else, or proxy the content through your own https connection. 如果不能这样做,那么您将陷入困境,或者要么忍受错误,要么从其他地方获取内容,或者通过自己的https连接代理内容。
解决方案3
1 2011-09-17 20:25:18
To complement @drew010 's answer, you could use other domains and still refer to the current protocol with // , something like: 为了补充@ drew010的答案,您可以使用其他域,并仍然使用//引用当前协议,例如:
<img src="/pics/home.png" />
<img src="//my-cdn.com/pics/info.png" />
The latter example will point to https://.. from https://your-site.com and http://... from http://your-site.com . 后者的例子将指向https://..从https://your-site.com和http://...从http://your-site.com 。
解决方案4
0 2011-09-17 20:40:10
the best practice would be either using relative path rather than absolute but sometimes absolute is a better option so you can do the following : 最佳做法是使用相对路径而不是绝对路径,但有时绝对路径是更好的选择,因此您可以执行以下操作:
as I can imagine you have a file called config.php or common.php (a file that stores your common used vars and you include it in every page), so put this code there : 正如我可以想象的那样,您有一个名为config.php或common.php的文件(该文件存储了您常用的var,并将其包含在每个页面中),因此请将此代码放在此处:
function selfURL() {
$s = empty($_SERVER["HTTPS"]) ? ''
: ($_SERVER["HTTPS"] == "on") ? "s" : "";
$protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
$port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
}
function strleft($s1, $s2) {
return substr($s1, 0, strpos($s1, $s2));
}
and then you can assign a var called $http to get the value of the function like : $http = selfURL();然后,您可以分配一个名为$http的变量来获取函数的值,例如: $http = selfURL();然后,每当您要包含图像,css等内容时,请执行以下操作:
<img src="<?=$http?>images/sample.png" />
this method is reliable as it works in any situation. 该方法在任何情况下均有效,因此是可靠的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.