Jump to content

Code works. .htaccess modifications work. They don't work together.


Recommended Posts

This one requires lots of up front information:


[*]I have a page, for this example that I will call page.php. It takes get parameters, and for this example I'll call the parameter "step". So I have a URL like this: page.php?step=1

[*]This page has a form with an action of page.php?step=1.

[*]The code on the page validates the posting information. If the information is bad, it returns the user to page.php?step=1; if it is good, it takes the user to page.php?step=2 via header( "location:page.php?step=2" ). So redirection is done by relative path, not full URLs.


This all works as expected.


Now what I've done is set .htaccess to be HTTPS for this page, via this code:


# Turn SSL on for payments

RewriteCond %{HTTPS} off

RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]

RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]


This works (initially). However, once you try to post the form, it just redirects back to the step=1 version of the page. I really don't know how or why that would be.


I'm not sure how else I can explain this or what other information you may have. But it's frustrating to not get a page working in HTTPS that works in HTTP. Very odd. Any suggestions? (I don't even really know the best location to figure out when/why it's redirecting back to the original page.)



Link to comment
Share on other sites

It's hard to say what's going on here, but when you specify a relative URI in your 'location' header, you're breaking spec. When you break spec, you're hoping the browser's been coded in such a way that it will do what you desire.


Using redirects makes debugging very hard, unless you're also passing error codes along with it. You should comment out your redirect, and dump your data instead. Make sure the data is what you'd expect it to be.

Link to comment
Share on other sites

I don't understand why I'm breaking spec by using header( "location:abcd" ). Can you explain?


Which redirect do you think I should comment out? As explained before, the code works just fine. The only error is when .htaccess is then configured to ensure pages are HTTPS.


What do you mean "dump the data instead"?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.