WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
[resolved] SSL force redirect and post in between insecure/secure (5 posts)

  1. yonisink
    Member
    Posted 3 years ago #

    Hi Mike,

    Like I mentioned in my past thread, thanks for a great plugin. What I'm trying to do is this:

    1. Show a form on an insecure page
    2. Click submit on that page, to submit POST variables to a secure page
    3. Have the secure page read those variables.

    Is that possible with the force redirect option? Otherwise, since I have that form in the sidebar of every page (a donate input box basically), I'll have to encrypt the entire site. Do you have any recommendations?
    Thanks!

  2. yonisink
    Member
    Posted 3 years ago #

    It strikes me as something that may be happening in the interim is that site_urp or home_url are not SSL aware when it comes to the "force SSL" pages, is that true? should I be manually writing out the full URL of the POST submit? hardcoding is a bad idea, but perhaps that gets around the problem...?

    EDIT: I was able to solve this problem by using home_url and the "scheme" parameter, eg:

    form action = home_url( '', 'https' ) . '/donate';

    Mike, it's still something you might want to look forward to, applying a filter to home_url that it detects if force ssl is on or something?

  3. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Hey yonisink,

    The plugin uses output buffeting to parse the HTML output and alter it accordingly. This allows me more control over when to rewrite URLs in the code.

    Is the donate page a WP page that you can force SSL on? If so, try forcing SSL on that page. If the form doesn't automatically change to HTTPS on every page, I could make a pretty small change to the plugin to make that happen.

    Thanks,
    Mike

  4. yonisink
    Member
    Posted 2 years ago #

    Mike, I have a donate sidebar on each page on my site - say, an input and a submit button. That amount variable is POSTed to the secure actual contribution page. My point is that home_url isn't *always* aware, (nor is get_permalink, for that matter, which I also used) and so this potentially is an issue. Seems like a WP issue, not yours, but like I said, maybe something you want to detect for somehow.

  5. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey yonisink,

    Well, I can't just filter the home_url on the entire site, that wouldn't work. The plugin is smarter than that. I could filter the get_permalink function, but I really don't need to since every link on the page is filtered by the output buffering.

    So, back to my initial question: Is the contribution page a WordPress page that the form is submitting to a WordPress page that you can Force SSL on? If so, I've already devised a way for the action URL to be fixed by the plugin.

    Thanks,
    Mike

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic