March 11th, 2013, 12:31 PM
ColdFusion redirect to https for certain pages
I'm trying to make certain pages redirect to https using ColdFusion in the application.cfm file. This works to a certain extent but the problem is when the page redirects to https the browser pops up the question wanting to know if you want to display 'All Content'.
I take it this means that there is a page or content that is not secure which is causing the browser to pop up this message. Any idea how to get around this if files are scattered all over the place and are pulled in by cfincludes, script tags in other file, etc....
I'm on CFMX7
March 11th, 2013, 02:04 PM
You can tell which page elements are not using HTTPS by looking at the network panel of Firebug or the Chrome dev tools.
As far as making them use HTTPS if they have HTTP hardcoded into the URL, there's no easy option. This is one reason people use relative or absolute paths rather than a full URL (e.g. "/images/myImage.jpg" instead of "http://myserver/images/myImage.jpg")
If you must have the full URL, it's typical to see an application determine the current protocol from the CGI scope at the start of a request and store it in a variable (like "currentProtocol" or whatever). Then, all images, scripts, etc. use that variable in their URLs (e.g. src="#currentProtocol#://myserver/images/myImage.jpg").
March 11th, 2013, 02:34 PM
March 11th, 2013, 03:13 PM
Unfortunately there's no magic solution for this, and it applies to every web application ever written that needs to dynamically switch between protocols.