javascript 强制特定页面在 angularjs 中使用 HTTPS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22689543/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Forcing a specific page to use HTTPS with angularjs
提问by Matt Foxx Duncan
In our application we have a payment page that we want to use SSL on because we are handling credit card information. We've already put in place rewrite rules for apache to redirect a request to the specific page to HTTPS -- which takes care of any direct requests to the payment page ( http://oursite.com/pay).
在我们的应用程序中,我们有一个要在其上使用 SSL 的支付页面,因为我们正在处理信用卡信息。我们已经为 apache 制定了重写规则,以将特定页面的请求重定向到 HTTPS——它负责处理对支付页面 ( http://oursite.com/pay)的任何直接请求。
However most navigation in our site is done via relative urls and statesusing ui-routerin angularjs and we have found that apache does not catch these requests and so serves the page without SSL.
然而,我们网站中的大多数导航都是通过相对 url 完成的,并在 angularjs 中states使用ui-router,我们发现 apache 无法捕获这些请求,因此在没有 SSL 的情况下提供页面。
EX If a user clicks a link with ui-sref='pay'ui-routerloads the template and refreshes the state -- at no point is a request made to the server for a new uri so apache can't redirect to https
EX 如果用户单击链接ui-sref='pay'ui-router加载模板并刷新状态 - 任何时候都不会向服务器发出新 uri 的请求,因此 apache 无法重定向到 https
Is there a way to force ui-router(or angular in general) to force a state to use HTTPS without having to change all links to reload the entire site?
有没有办法强制 ui-router(或一般的 angular)强制某个状态使用 HTTPS,而无需更改所有链接以重新加载整个站点?
Of course this may also be a shortcoming in our rewrite rules...Here's what we have so far
当然,这也可能是我们重写规则的一个缺点......这是我们目前所拥有的
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} /pay
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^ index.html [L]
The second set of rules is to enforce html5mode for our app.
第二组规则是为我们的应用强制执行 html5mode。
RewriteCond %{REQUEST_FILENAME} !-fis in place so that angular can fetch the payment template for the state without needing SSL. Is this okay?
RewriteCond %{REQUEST_FILENAME} !-f到位,以便 angular 可以在不需要 SSL 的情况下获取该州的付款模板。这个可以吗?
回答by Andrej Grobler
I had a similar problem, although was using $routeProvider in a SPA application. What I did was to enforce a redirect inside the controller:
我遇到了类似的问题,尽管在 SPA 应用程序中使用了 $routeProvider。我所做的是在控制器内部强制重定向:
var forceSSL = function () {
if ($location.protocol() !== 'https') {
$window.location.href = $location.absUrl().replace('http', 'https');
}
};
forceSSL();
This though does reload all resources. However, this happens only once when switching to SSL mode.
这虽然会重新加载所有资源。但是,这种情况在切换到 SSL 模式时只会发生一次。
Note, the function is actually in a service so can be called from anywhere.
请注意,该函数实际上是在一个服务中,因此可以从任何地方调用。
I hope this helps.
我希望这有帮助。
