andyhill Posted January 22, 2018 Share Posted January 22, 2018 I want to make every user use our digital certificate (https), my code below has no effect - please advise - thanks. if UniSession.SSL = False then begin if DB.WantHTTPS = True then begin s:= UniSession.UrlReferer; s:= StringReplace(s, 'http', 'https', [rfReplaceAll]); UniSession.UrlRedirect(s); Close; end; end; Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 22, 2018 Share Posted January 22, 2018 http://www.unigui.com/doc/online_help/configure_unigui_server.htm Quote Link to comment Share on other sites More sharing options...
andyhill Posted January 22, 2018 Author Share Posted January 22, 2018 I have no problems with SSL, all my SSL code works when the user types https://domainname.com What I want to do if the user types http://domainname.com then reroute them to https://domainname.com automatically. Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 22, 2018 Share Posted January 22, 2018 This post can help you: http://forums.unigui.com/index.php?/topic/9184-redirect-http-to-https/ Quote Link to comment Share on other sites More sharing options...
andyhill Posted January 22, 2018 Author Share Posted January 22, 2018 How and where do I implement this within the Delphi code:- procedure TUniMainModule.UniGUIMainModuleCreate(Sender: TObject); begin if UniSession.SSL = False then begin UniSession.AddJS('window.location.href = ''https:'' + window.location.href.slice(5); '); or procedure TLoginmForm.UniLoginmFormCreate(Sender: TObject); begin if UniSession.SSL = False then begin UniSession.AddJS('window.location.href = ''https:'' + window.location.href.slice(5); '); either way it has no effect ? Quote Link to comment Share on other sites More sharing options...
pedrisco Posted January 23, 2018 Share Posted January 23, 2018 I'm gonna try to recapitulate, but i'm not a web guru so please feel free to correct me if i'm wrong... When you enable SSL, standard way is using port 443 to serve secure layer, and unsecure html is still served at 80. If you serve any of this protocols in any non standard port (secure=443, not_secure=80), the browser will take the protocol prefixed in the URL (http://=>not secure, https://=>secure), when you use the standard way you can redirect using javascript because the html page was retrieved from the unsecure/plane http port, when you don't you cann't use javascript unless the user writes the right (not secure) port in the url (p.ej. http://yourdomain.com:81). So, you have two stages: 1.Using standard ports. 2.Using non standard ports, lets say https at 444 and http at 81. In the stage 1, you have 3 common stages: 1.a ) The user writes http://yourdomain.com, so the "redirector javascript" does its job. 1.b ) The user writes https://yourdomain.com, so the "redirector javascript" has nothing to do (...). 1.c ) The user writes "yourdomain.com", so the browser tries prefixing "http://", if nothing is found (no response) tries "https://" and goes on. In the stage 2 (non standard ports), you have: 2.a ) The user writes http://yourdomain.com:81, then the "redirector javascript" does its job. 2.b ) The user writes https://yourdomain.com:444, then the "redirector javascript" has nothing to do (...). 2.c ) The user writes "yourdomain.com:444", but your server is serving "https" in this port, so your browser retrieves encrypted data when is expecting unencryted data, so the browser doesn't "understand" the data so its content is not interpreted, so the javascript won't do the job. I don't know how work IIS and Apache in this context, but the only way i know to redirect from http to https without being forced to serve http somewhere, is using a dns level redirect (masking, forwarding, page-rule, etc.). Hope it helps. Quote Link to comment Share on other sites More sharing options...
andyhill Posted January 24, 2018 Author Share Posted January 24, 2018 Thank you pedrisco. My WebApp runs on a local LAN which is accessible publicly via Port Forwarding on the Router Gateway. We route 80 and 443 which all works perfectly. My WebApp knows when we are not in Secure Mode. So, I need to get the browser to approach the URL with "https" port in order to route correctly. I need to be able to re-direct the browser if not in secure mode. if UniSession.SSL = False then begin UniSession.AddJS('window.location.href = ''https:'' + window.location.href.slice(5); '); end; I have this code in the MainModule Create as well as the first Form shown create. The UniSession.AddJS is sent but no browser change takes place. Please advise - thanks. Quote Link to comment Share on other sites More sharing options...
andyhill Posted January 24, 2018 Author Share Posted January 24, 2018 I have come up with a work around for my environment. As general information I have included my redirect research below. JavaScript Redirect Methods ////////////////////////////////////////////////////////////////////////// // Sets the new location of the current window. window.location = "https://www.example.com"; // Sets the new href (URL) for the current window. window.location.href = "https://www.example.com"; // Assigns a new URL to the current window. window.location.assign("https://www.example.com"); // Replaces the location of the current window with the new one. window.location.replace("https://www.example.com"); // Sets the location of the current window itself. self.location = "https://www.example.com"; // Sets the location of the topmost window of the current window. top.location = "https://www.example.com"; Though the above lines of JS code accomplish a similar job in terms of redirection, they have slight differences in their usage. For example, if you use top.location redirect within an iframe, it will force the main window to be redirected. Another point to keep in mind is that location.replace() replaces the current document by moving it from the history, hence making it unavailable via the Back button of the browser. It is better to know your alternatives but if you want a cross-browser compliant JavaScript redirect script, our recommendation will be to use the following in your projects: window.location.href = "https://www.example.com"; Quote Link to comment Share on other sites More sharing options...
pedrisco Posted January 25, 2018 Share Posted January 25, 2018 Good to know, and just for the record, in your first snippet you were trying to redirect using "uniSession.SSL" as a control variable. I don't know what uniSession.SSL means, but in my tests no matter the url is (http or https), it acts just like UniServerModule.SSL.enabled. So, uniSession.SSL cann't be used "TO KNOW" whether the browser request was https or http. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.