andyhill Posted March 10, 2021 Share Posted March 10, 2021 Version 1542 TUniGUISession(AResponseInfo.Session).URLPAth; ACCESS VIOLATION ??? Please advise Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 11, 2021 Author Share Posted March 11, 2021 7 hours ago, andyhill said: Version 1542 TUniGUISession(AResponseInfo.Session).URLPAth; ACCESS VIOLATION ??? Please advise The problem is that there is no AResponseInfo.Session. You can try to use AResponseInfo.Referer, but I do something else: if UseSslFlag = True then begin AResponseInfo.ResponseNo:= 308; AResponseInfo.ResponseText:= 'Permanently Redirected'; AResponseInfo.Location := 'mysecurelocation.com'; AResponseInfo.Redirect('mysecurelocation.com'); end; If You want URL to be a dinamic, try with AResponseInfo.Referer, I made https URL in My settingFile just like that: if UseSslFlag = True then begin AResponseInfo.ResponseNo:= 308; AResponseInfo.ResponseText:= 'Permanently Redirected'; AResponseInfo.Location := MySettings.Values['RedicetdURLAtStartUp']; AResponseInfo.Redirect(MySettings.Values['RedicetdURLAtStartUp']); end; The last time I tried it: 1. I don't have SSL and I've never booted into my computer 2. I start a new session and redirect to https on my site 3. The session never starts I hope this means that "Strict Transport Security" works. I try it with Custom meta and it works too. 1. <meta http-equiv="refresh" content="2;url=http://example.com" /> OR 2. <script language="JavaScript"> function redirectHttpToHttps() { var loc = window.location.href+''; if (loc.indexOf('http://')==0){ window.location.href = loc.replace('http://','https://'); } } redirectHttpToHttps(); </script> Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 11, 2021 Share Posted March 11, 2021 Thank you, however I want to ReDirect ONLY if not https, if I understand you correctly you are redirecting every time ? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 11, 2021 Author Share Posted March 11, 2021 2 minutes ago, andyhill said: Thank you, however I want to ReDirect ONLY if not https, if I understand you correctly you are redirecting every time ? Yes, I tried to use referer and sometimes it has value, but most of the time it doesn't. I think the best solution is to use a custom meta with example 2 - javascript Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 11, 2021 Author Share Posted March 11, 2021 This redirection enable you to redirect to another server I'm testing it now. Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 12, 2021 Share Posted March 12, 2021 irigsoft. how did the testing go ? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 2 hours ago, andyhill said: irigsoft. how did the testing go ? Hi, redirection work good from my site to another with this: AResponseInfo.ResponseNo:= 308; AResponseInfo.ResponseText:= 'Permanently Redirected'; AResponseInfo.Location := MySettings.Values['RedicetdURLAtStartUp']; AResponseInfo.Redirect(MySettings.Values['RedicetdURLAtStartUp']); I can't test from http to https (i don't have it). SSL. Enabled := True, leads to an error: "Could not load root certificate. error: system library:fopen:No such process" Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 12, 2021 Share Posted March 12, 2021 OK, This is what I have found so far, where would it be best to ReDirect ? procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean); var s, newURL_SSL: String; REQ: TIdHTTPRequestInfo; // uIdCustomHTTPServer begin if UseSslFlag = True then begin REQ:= UniSession.ARequest; s:= REQ.URI; // GET='/', POST='/HandleEvent' s:= REQ.Document; // GET='/', POST='/HandleEvent' s:= REQ.RawHTTPCommand; // GET='GET /HTTP/1.1', POST='POST /HandleEvent HTTP/1.1' s:= REQ.Version; // GET='HTTP/1.1', POST='HTTP/1.1' s:= REQ.RemoteIP; // GET='x.x.x.x', POST='x.x.x.x' s:= REQ.From; // GET='', POST='' s:= REQ.Referer; // GET='', POST='http://x.x.x.x/' if s <> '' then begin s:= LowerCase(s); if LeftStr(s, 5) = 'http:' then begin newURL_SSL:= StringReplace(s, 'http://', 'https://', [rfIgnoreCase]); WHAT IS THE BEST WAY TO REDIRECT USING newURL_SSL FROM HERE end; // LeftStr(s, 5) = 'http:' end; // s <> '' end; // UseSslFlag end; 1 Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 2 hours ago, andyhill said: OK, This is what I have found so far, where would it be best to ReDirect ? procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean); var s, newURL_SSL: String; REQ: TIdHTTPRequestInfo; // uIdCustomHTTPServer begin if UseSslFlag = True then begin REQ:= UniSession.ARequest; s:= REQ.URI; // GET='/', POST='/HandleEvent' s:= REQ.Document; // GET='/', POST='/HandleEvent' s:= REQ.RawHTTPCommand; // GET='GET /HTTP/1.1', POST='POST /HandleEvent HTTP/1.1' s:= REQ.Version; // GET='HTTP/1.1', POST='HTTP/1.1' s:= REQ.RemoteIP; // GET='x.x.x.x', POST='x.x.x.x' s:= REQ.From; // GET='', POST='' s:= REQ.Referer; // GET='', POST='http://x.x.x.x/' if s <> '' then begin s:= LowerCase(s); if LeftStr(s, 5) = 'http:' then begin newURL_SSL:= StringReplace(s, 'http://', 'https://', [rfIgnoreCase]); WHAT IS THE BEST WAY TO REDIRECT USING newURL_SSL FROM HERE end; // LeftStr(s, 5) = 'http:' end; // s <> '' end; // UseSslFlag end; I think You must add only this: //close old session after redirect TUniGUISession(ASession).UniApplication.UniSession.TerminateAfterSecs(5); //redirect TUniGUISession(ASession).UniApplication.UniSession.UrlRedirect (newURL_SSL); Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 12, 2021 Share Posted March 12, 2021 Thank You irigsoft for your assistance, this is now my Production Code (obviously the UniServerModule Parameters need to be set):- procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean); var Referer, Ssl_Url: String; REQ: TIdHTTPRequestInfo; begin if UniServerModule.UseSslFlag = True then begin REQ:= UniSession.ARequest; Referer:= LowerCase(REQ.Referer); // GET='', POST='http://x.x.x.x/...' or POST='http://DomainName/...' if Referer <> '' then begin if LeftStr(Referer, 5) = 'http:' then begin if ( (UniServerModule.AllRefererSslFlag = True) // ReDirect ALL http or (Pos(UniServerModule.DomainName, Referer) > 0) // ReDirect Only DomainName http or (Pos(UniServerModule.BindToIpStr, Referer) > 0) // ReDirect Only Bound IP http ) then begin Inc(UniServerModule.ReDirectCounter); // Analytics Ssl_Url:= StringReplace(Referer, 'http://', 'https://', [rfIgnoreCase]); // Close old session after redirect TUniGUISession(ASession).UniApplication.UniSession.TerminateAfterSecs(2); // Redirect TUniGUISession(ASession).UniApplication.UniSession.UrlRedirect(Ssl_Url); end; end; // 'http:' end; // Referer end; end; Sherzod, Farshad please comment on my implementation - also do I need to set the Handled Flag ? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 2 hours ago, andyhill said: Thank You irigsoft for your assistance, this is now my Production Code (obviously the UniServerModule Parameters need to be set):- procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean); var Referer, Ssl_Url: String; REQ: TIdHTTPRequestInfo; begin if UniServerModule.UseSslFlag = True then begin REQ:= UniSession.ARequest; Referer:= LowerCase(REQ.Referer); // GET='', POST='http://x.x.x.x/...' or POST='http://DomainName/...' if Referer <> '' then begin if LeftStr(Referer, 5) = 'http:' then begin if ( (UniServerModule.AllRefererSslFlag = True) // ReDirect ALL http or (Pos(UniServerModule.DomainName, Referer) > 0) // ReDirect Only DomainName http or (Pos(UniServerModule.BindToIpStr, Referer) > 0) // ReDirect Only Bound IP http ) then begin Inc(UniServerModule.ReDirectCounter); // Analytics Ssl_Url:= StringReplace(Referer, 'http://', 'https://', [rfIgnoreCase]); // Close old session after redirect TUniGUISession(ASession).UniApplication.UniSession.TerminateAfterSecs(2); // Redirect TUniGUISession(ASession).UniApplication.UniSession.UrlRedirect(Ssl_Url); end; end; // 'http:' end; // Referer end; end; Sherzod, Farshad please comment on my implementation - also do I need to set the Handled Flag ? Please, set more time on TerminateAfterSec, if redirection take more time, session will close before loading redirected url. I set 20 sec ! Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 12, 2021 Share Posted March 12, 2021 Using 20 seconds, code changes the UrlPath to https as expected, but the framework hangs on the https ReStart (loading...) requiring a Browser RefResh in both Chrome and Edge to re-fetch ? Should we have set Handled:= True before ReDirect ??? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 20 minutes ago, andyhill said: Using 20 seconds, code changes the UrlPath to https as expected, but the framework hangs on the https ReStart (loading...) requiring a Browser RefResh in both Chrome and Edge to re-fetch ? Should we have set Handled:= True before ReDirect ??? thanks, In my case i will use then 5 sec to terminate session and Handled:= True; after redirect. But Handled:= True; or False didn't find any different I have other code in UniGUIMainModuleHandleRequest and after Handled := true, code is executed too Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 12, 2021 Share Posted March 12, 2021 Any thoughts about the hang (loading icon ...) ? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 9 minutes ago, andyhill said: Any thoughts about the hang (loading icon ...) ? I dont have it. I use redirection to other server and no hang. 1. Start url 127.0.0.1 without https 2. redirect to 192.168.1.1 without https redirection work with TerminateInSec (5). More seconds really block loading. Try to redirect to google.com, and it's work too I had some issues when replacestring (Refferer, 'http', 'https') because replace make string from 'http://mylocation.com' to 'http://mylocation.com/https://mylocation.com' and this took me to the loading .... but with your code work fine. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 did you make some custom meta, and that make troubles now? did you delete redirection commands from htaccess ? I make my test in Standalone application, and you ? try to redirect to something else like google.com and if work then search problem in other redirection rules. Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 12, 2021 Share Posted March 12, 2021 Redirect UrlPath is fine (padlock appears). Stand Alone Server issues ... Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 3 minutes ago, andyhill said: Redirect UrlPath is fine (padlock appears). Stand Alone Server issues ... Did You try without terminate session, only redirect ? I got lost in proposals Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 I make this and for me it's work, but I can't redirect to https (don't have it) . Redirect to other else is OK I think is good to add this in your code: If (RedirectURL <> RedirectAtStartUp) then begin, may be will help. You use lowercase () but this can make sometrouble did you try with my way? uniServerModule var RedirectURL: String; //redirect to SettingsList.Values ['RedirectAtStartUp'] if (RedirectAtStartUp <> '') then begin REQ:= UniSession.ARequest; s:= REQ.URI; s:= REQ.Document; s:= REQ.RawHTTPCommand; s:= REQ.Version; s:= REQ.RemoteIP; s:= REQ.From; s:= REQ.Referer; if (s <> '') then begin If (RedirectURL <> RedirectAtStartUp) then begin //REQ.ResponseNo:=308; //REQ.ResponseText:=' Permanently redirected'; RedirectURL := RedirectAtStartUp; //s; //redirect to https //newURL_SSL:= StringReplace(RedirectURL, 'http://', 'https://', [rfIgnoreCase]); RedirectURL := StringReplace (RedirectURL,'http://','https://',[rfIgnoreCase]); TUniGUISession(ASession).UniApplication.UniSession.TerminateAfterSecs(20); TUniGUISession(ASession).UniApplication.UniSession.UrlRedirect (RedirectURL); Handled := True; end; end; // s <> '' end; Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 12, 2021 Author Share Posted March 12, 2021 procedure TUniServerModule.UniGUIServerModuleHTTPCommand begin AResponseInfo.CustomHeaders.AddValue('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload'); end; Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 13, 2021 Share Posted March 13, 2021 We already have Strict-Transport... It only works if the Url is accessed via https, then the browser will remember it. My testing shows it does nothing with a http Url. Also, It is as if a UniGUIMainModuleHandleRequest http session cannot redirect to a https session properly with TUniGUISession(ASession).UniApplication.UniSession.UrlRedirect (RedirectURL) ? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 13, 2021 Author Share Posted March 13, 2021 4 hours ago, andyhill said: We already have Strict-Transport... It only works if the Url is accessed via https, then the browser will remember it. My testing shows it does nothing with a http Url. Also, It is as if a UniGUIMainModuleHandleRequest http session cannot redirect to a https session properly with TUniGUISession(ASession).UniApplication.UniSession.UrlRedirect (RedirectURL) ? I am get Your results, when i try to redirect to me. from http://127.0.0.1:8055/form=name1 to http://127.0.0.1:8055/form=name125 Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 13, 2021 Author Share Posted March 13, 2021 I try in new Project to redirect from http://127.0.0.1:8077/?Form=PosN to http://127.0.0.1:8077/?Form=AddN 1. Your code 2. Try redirect via javascript in Custom meta from here: 3. Try to reconect with Custom meta: <meta http-equiv="refresh" content="2; url=http://127.0.0.1:8077/?Form=AddN" /> If I redirect to other URL it's OK, but if try to redirect to same location always error is the same. Like on picture Quote Link to comment Share on other sites More sharing options...
irigsoft Posted March 13, 2021 Author Share Posted March 13, 2021 @andyhill, And so, I think i succeeded to redirect: 1. Strange, but it works, add to MainModule.Servermessages.TerminateTemplate '<meta http-equiv="refresh" content="0; URL='http://www.google.com'"/>' from here: 2. Make Your code by this way: from 'http://127.0.0.1:8077/?Form=POS_N' to 'http://127.0.0.1:8077/?Form=AddN' unit MainModule; procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean); var s : String; //REQ : TIdHTTPRequestInfo; // uIdCustomHTTPServer RedirectURL : String; begin RedirectURL := 'http://127.0.0.1:8077/?Form=AddN'; //only if get some request if (UniSession.ARequest.URI = '/HandleEvent') //and not redirected AND (RedirectURL <> UniSession.ARequest.Referer) then begin Handled := True; s := UniSession.ARequest.Referer; //if this is not used, redirects forever!!!! UniSession.AResponse.ResponseNo := 308; UniSession.AResponse.ResponseText := 'redirected'; UniSession.UrlRedirect(RedirectURL); end; end; 3. Run project 4. Delete from MainModule.Servermessages.TerminateTemplate meta tag 5. Run project And no more errors, load first url and after some seconds redirect to second url, that is. I think the changes in MainModule.ServerMessages.TerminateTemplate make some change! Quote Link to comment Share on other sites More sharing options...
andyhill Posted March 13, 2021 Share Posted March 13, 2021 Here is my latest implementation:- procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean); var Referer, RedirectURL, FormattedDateTime: String; begin // FORCE https Hack if UniServerModule.UseSslFlag = True then begin if UniSession.ARequest.URI = '/HandleEvent' then begin Referer:= LowerCase(UniSession.ARequest.Referer); if LeftStr(Referer, 5) = 'http:' then begin if ( (UniServerModule.AllRefererSslFlag = True) // ReDirect ALL http or (Pos(UniServerModule.DomainName, Referer) > 0) // ReDirect DomainName http //or (Pos(UniServerModule.BindToIpStr, Referer) > 0) // ReDirect Bound IP http (Testing) ) then begin Handled:= True; // Analytics Inc(UniServerModule.ReDirectCounter); // Audit DateTimeToString(formattedDateTime, 'dd/mm/yyyy hh:nn:ss.z', Now()); UniServerModule.Logger.AddLog('ANDY-M', UniSession.RemoteIP + ' - ' + FormattedDateTime + ' - ' + UniSession.SessionId + ' - ReDirect "'+Referer+'" ' + '('+IntToStr(UniServerModule.ReDirectCounter)+')'); // http --> https RedirectURL:= StringReplace(Referer, 'http://', 'https://', [rfIgnoreCase]); // Prevent ReCycling UniSession.AResponse.ResponseNo:= 308; UniSession.AResponse.ResponseText:= 'Redirected'; // Add Delete Current Thread Here // ReDirect UniSession.UrlRedirect(RedirectURL); end; // Process end; // 'http:' end; // '/HandleEvent' end; // UseSslFlag end; Happy for feed back. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.