Automatic Redirect to Secure Site
- January 27, 2009 1:04 PM
- ColdFusion
- Comments (0)
Its not that this is really all that hard to do, but a common security issue is to make sure that users are going to a HTTPS version of a site. This code snippet handles automatic redirection of a user from the unsecured version of a page to the secured version.
<!--- See if HTTPS is off --->
<cfif cgi.https eq "off">
<!--- Get site and path --->
<cfset location = "https://" & cgi.http_host & cgi.script_name />
<!--- See if there are any URL params --->
<cfif len(cgi.query_string)>
<!--- Append the URL params --->
<cfset location = location & "?" & cgi.query_string />
</cfif>
<!--- Redirect to the secure verion --->
<cflocation url="#location#" />
</cfif>
<cfif cgi.https eq "off">
<!--- Get site and path --->
<cfset location = "https://" & cgi.http_host & cgi.script_name />
<!--- See if there are any URL params --->
<cfif len(cgi.query_string)>
<!--- Append the URL params --->
<cfset location = location & "?" & cgi.query_string />
</cfif>
<!--- Redirect to the secure verion --->
<cflocation url="#location#" />
</cfif>
As a side effect, it also blocks POSTs to the unsecured version. I'm not sure if thats a feature or a bug though.
