I have a php script that redirects to an external https page, but unfortunately firefox (and maybe other browser, didn't try yet) block https redirects with a really "scary" message for the most inexperienced users.
Is there a way to bypass this issue without asking the user to handle their browser preferences?
For the redirect I'm using a simple header ("Location: $url");
Thank you
In short, no.
If a user has their Firefox preferences set to show a warning when a redirect happens, you can't get around it.
You can avoid this by showing an interstitial page where users can manually click on a link.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Related
Since my website moved to https, I see I have a lot of mixed content because of the mshots snippet.
In includes/functions.php I tried to change the URL from http://s0.wordpress.com/mshots/v1 to https://s0.wordpress.com/mshots/v1, but then I have a new issue : half of my images disappear.
If I try to add a new shop to my site, there is no image, so it is not only affecting half of my existing stores, but also every new store I add.
Does anyone know why this is happening and how can I solve this?
If you have valid SSL certificate, than just move whole website on https, you can use this plugin: https://wordpress.org/plugins/ssl-insecure-content-fixer/
If you use Apache, put this code to your .htaccess. Now every thing go to your server will be force redirect from HTTP to HTTPS.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
When my site redirect to with www I wrote below code in htaccess, mistakenly I forgot instead of example.com I placed example.org, it redirects to example.org now, I found my mistake and replaced with .com instead of .org, in browser I tested its redirect default to .org.
I don't know why its redirect to another site with .org. Is there any cache? How to resolve it?
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule (.*) http://www.example.org/$1 [R=301,L]
www.example.com is redirect to www.example.org
see this posting:
• The simplest and best solution is to issue another 301 redirect back
again.
The browser will realise it is being directed back to what it
previously thought was a de-commissioned URL, and this should cause it
re-fetch that URL again to confirm that the old redirect isn't still
there.
Edit: some comments throw doubt upon this, see below.
• If you don't have control over the site where the previous redirect
target went to, then you are outta luck. Try and beg the site owner to
redirect back to you.
and also this one:
Make the user submit a post form on that url and the cached redirect
is gone
How long do browsers cache HTTP 301s?
Currently I have my ssl forced on a pages where it is needed and it works great.
Problem is on all other pages user can click in address bar and add "https" causing some pages to load with error about mixed content etc.
Same happens if someone visits page with https link.
How can I use either worpress functions.php or htaccess file to force specific page URL to always use non-ssl version of website?
Edit:
I just don't see how suggested duplicate is a duplicate. There is no example of any htaccess code and post author seems to mention he managed to create some solution but without code this does not help me.
What I need is what would seem simple redirect like
https://domain.com/page1 -> http://domain.com/page1
Shouldn't something like that be possible with either htaccess or just wordpress functions.php?
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/someurl
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
above seemed to work for me.
Redirects from https to http just for /someurl
I currently have a site where users can login and do various things. The site uses SSL(HTTPS).
Is there a way to use .php or .htaccess to unsecure a specific link and any link connected (ie. (https://domain.com/unsecure, https://domain.com/unsecure/randominfinit)) unsecure?
But also would this work with a user being logged in to their account and be able to navigate out of /unsecure or /unsecure/randominfinit and still be logged in and not throw errors or browser errors or reduce security?
I have been looking everywhere for a solution for this and have not been able yet to find a solution.
The reason why I need to do this is because I am using iframe to load .swf content on my secure site that is hosted on another domain/server. If you have a better idea to deliver content using iframe with non-SSL content, please tell me - I am all ears.
As long as you have a valid cert you can go between http and https. This will check if the directory is unsecure and https then redirect to non https.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/unsecure [NC]
RewriteCond %{HTTPS} ^on
RewriteRule ^(.*) http://example.com/$1 [R=301,L]
Let me know how that works for you.
I am having an issue with my website which I have been a bit unsure of how to fix, only because it is not constant happening. Sometimes it does, and other times it does not.
The issue has to do with sessions, and redirecting. What I am doing is, when an user completes a task, they are redirected. When they are redirected, a $_SESSION is set with a message which says that what they did has been done. Once the page which the user is being redirected to loads, and the message is not being displayed, the session variable that contains the message is unset because the page refreshes before it is finally shown to the user. The weird thing is that for one specific redirect (when a user logs in with Facebook Connect) it works, but for all other redirects it does not.
My latest idea as to why this happens is because I am using mod_rewrite. Can mod_rewrite cause the page to refresh before it is displayed in the browser?
Here is the code which I am using for the URL rewriting:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*) index.php [L]
No. mod_rewrite tells apache to take the incoming request that matches your rule (before a response has been sent to you), and route it to a particular destination. It's like mail forwarding--you don't get the letter twice, you just get it in a different location.
UPDATING TO ADD SOLUTION
You are likely performing some actions after the header call for the redirect. Add a call to exit after header, and your problem should be solved.