Forcing a specific page to use HTTPS with angularjs - javascript

In our application we have a payment page that we want to use SSL on because we are handling credit card information. We've already put in place rewrite rules for apache to redirect a request to the specific page to HTTPS -- which takes care of any direct requests to the payment page ( http://oursite.com/pay ).
However most navigation in our site is done via relative urls and states using ui-router in angularjs and we have found that apache does not catch these requests and so serves the page without SSL.
EX If a user clicks a link with ui-sref='pay' ui-router loads the template and refreshes the state -- at no point is a request made to the server for a new uri so apache can't redirect to https
Is there a way to force ui-router(or angular in general) to force a state to use HTTPS without having to change all links to reload the entire site?
Of course this may also be a shortcoming in our rewrite rules...Here's what we have so far
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} /pay
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^ index.html [L]
The second set of rules is to enforce html5mode for our app.
RewriteCond %{REQUEST_FILENAME} !-f is in place so that angular can fetch the payment template for the state without needing SSL. Is this okay?

I had a similar problem, although was using $routeProvider in a SPA application. What I did was to enforce a redirect inside the controller:
var forceSSL = function () {
if ($location.protocol() !== 'https') {
$window.location.href = $location.absUrl().replace('http', 'https');
}
};
forceSSL();
This though does reload all resources. However, this happens only once when switching to SSL mode.
Note, the function is actually in a service so can be called from anywhere.
I hope this helps.

Related

Force https via .htaccess with one post http url exception made using fetch

I am able to force https for a domain using this code:
RewriteEngine On
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^index.html$ / [L,R=301]
RewriteCond %{THE_REQUEST} /([^.]+)\.html [NC]
RewriteRule ^ /%1 [L,R]
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^(.*?)/?$ /$1.html [L]
ErrorDocument 404 /404.html
Now I need to make a get request to a strictly http url using fetch jquery using
fetch('http://universities.hipolabs.com/search?country=canada') //api for the get request
.then(response => response.json())
.then(data => showUnis(data) );
How do i add this exception to the .htaccess file so the get request can work? Any help is appreciated in advance.
Ideally, you would be sending a custom HTTP request header as part of your client-side JavaScript request. For example, if you are sending the HTTP request header JavaScript-Request: 1 then in your redirect rule in .htaccess it is straight forward to make an exception. For example:
RewriteCond %{ENV:HTTPS} !on
RewriteCond %{HTTP:JavaScript-Request} !1
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Then, to make an exception for any other URLs you just need to make sure you are sending the appropriate HTTP request header as part of the request.
Otherwise, you would need to make an exception for this specific URL (and anyone making a request to this URL in their browser will also be excluded from the redirect).
For example:
RewriteCond %{ENV:HTTPS} !on
RewriteCond %{THE_REQUEST} !\s/search\?country=canada\s
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You'll need to clear your browser cache before testing (since 301s are cached persistently by the browser). Test first with 302 (temporary) redirects to avoid potential caching issues.
HOWEVER, this is likely to trigger an insecure browser warning when the initial insecure HTTP request is made and the browser is likely to block the request anyway. Realistically, you need to be HTTPS everywhere.

Locked out of wordpress admin wp-admin while trying to activate https manually [duplicate]

My word press installation resides in public_html/cushbu folder
and it will be accessed by www.example.com/cushbu so i have changed the base url's in wp-config.php
define('WP_HOME','http://www.example.com/cushbu/');
define('WP_SITEURL','http://www.example.com/cushbu/');
Also i've edited this line .htaccess file
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com/cushbu/ [NC]
the problem is i can't access the wp-admin its redirected to old url
So how can i completely change the base url??
Change the url in your database table called wp_options field's home url and site url. Change it to your new url.
outside of cushbu folder, in public_html folder, you should have .htaccess file modify that file with the following line.
# Redirect Trailing Slashes...
RewriteEngine On
RewriteBase /
RewriteCond $1 !^(cushbu)
and WordPress source has .htaccess file edit like this
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /cushbu/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /cushbu/index.php [L]
</IfModule>
You need to change the site URL and home URL in the database too. Its in the wp_options table. I hope you have database access.
Cheers!
Follow simple steps to replace in core database url
1) You need to export your old database to local computer
2) Notepad++ editor or some other editor tool. replace (cntrl+H) in notepad++
3) First Find http://www.example.com/cushbu/ and Replace with new URL eg. http://www.newexample.com/cushbu/
4) Second Find without http www.example.com/cushbu/ and Replace with new URL eg. www.newexample.com/cushbu/
5) Final find any old url is present or not.if yes than replace by new url and save.
6) Import new replaced database to old database and login by wp-admin and click on Settings / Permalinks now it's done.

How to make a start page in a dynamic directory?

If I need start page with dynamic language URL like that:
https://stackoverflow.com.ru./
What should I do?
Should I do a redirect from a static start page or other options are exist?
I need the right way.
Use 301 redirect by .htaccess
ru and stackoverflow.com are as examples
RewriteEngine On
RewriteCond %{HTTP_HOST} !^ru\.stackoverflow\.com$ [NC]
RewriteRule ^(.*)$ http://ru\.stackoverflow\.com/$1 [R=301,L]
Place this .htaccess file in stackoverflow.com/ directory.

How to hide .html extension in url using Javascript

Is there any way to hide .html extension from URL using JavaScript.
FOR ex:
mysite.html hide.html here from url
You cannot achieve this through javascript, this need to be done through .htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html
More information about mod_rewrite module here.
You can with html5, but also you can use url rewriting, or seo friendly urls, on the server side.
window.history.pushState({"html":'<html></html>',"pageTitle":'this is my title'},"", 'http://stackoverflow.com/mynewurl');
However keep in mind you can only change the url to one which is the same domain as the original!
There is a great library called history.js which helps with cross browser and version compatibility

$.post to Codeigniter Controller/Method 404 Page Not Found

I have developed a Codeigniter prototype application and hosted with Godaddy.com during the development phase for testing purposes without issue. This application uses a combination of javascript, jquery, HTML5, CSS and PHP (Codeigniter Framework). This week I have transferred the application to the clients server and have had many configuration issues but finally hit a wall.
The client set up a fresh install on a new Linux/Apache2 server with PHP5. mod_rewrite is enabled and allowoverride is set to all. The Apache2 settings (per the client are)...
My .htaccess script(since this issue I have tried many different .htaccess versions)...
RewriteEngine On
RewriteBase /CI/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
My javascript code for posting serialized form data to PHP page...
$.post('login_ctrl/authenticateuserlogon', $formData, function($responseData)
{
$userAuthentication=$responseData.userAuthentication;
if ($userAuthentication=='success')
{
window.location.href = "student_portal_ctrl";
}
else
{
$('#loginErrDiv').text('Username or Password is incorrect - Please try again.');
return;
}
});
My codeigniter file structure is...
-root /
/CI
/application
/system
/index.php
/license.txt
/.htaccess
When I post to this controller/method, the browser outputs...
-----EDIT-----
Sorry, forgot to include my config.php settings, here they are...
$config['base_url'] = '';
$config['index_page'] = '';
$config['uri_protocol'] = 'AUTO'; //I have tested the app using all of codeigniters
//default URI Protocols
-----EDIT #2-----
This is the method on the controller that is receiving the 404 error
//AUTHENTICATE USER LOGIN FUNCTION
public function authenticateuserlogon()
{
//SETTING $FORMDATA TO SERIALIZED POST DATA
$formData = $this->input->post();
//Sets the Method for the login_mdl
$modelMethod=$formData['modelMethod'];
//LOADING USER AUTHENTICATION LOGIN MODEL
$this->load->model('login_mdl');
//SENDING FORMDATA TO MODEL AND RETURING DATA TO $RESPONSEDATA
$responseData = array();
$responseData = $this->login_mdl->$modelMethod($formData);
//OUTPUTTING JSON RESPONSE DATA BACK TO JAVASCRIPT
$this->output->set_output(json_encode($responseData));
}
Use this .htaccess which is tested by me and working fine
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /CI/
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
#When your application folder isn't in the system folder
#This snippet prevents user access to the application folder
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
ErrorDocument 404 /index.php
</IfModule>
and in your config.php file use this,
$config['base_url'] = "http://".$_SERVER['HTTP_HOST'];

Categories