internet explorer - HTTP POST converting to HTTPS GET on redirect by proxy server -
i have weblogic cluster domain has following configuration: 2 managed servers, 1 admin server, , proxy server.my webapp deployed in 2 managed servers.
the ssl ports on both managed servers enabled , have added user data constraint confidential in web.xml, ssl ports used communication mywebapp.
<user-data-constraint> <transport-guarantee>confidential</transport-guarantee> </user-data-constraint>
now here issue:
the http post request form internet explorer client http port of proxy server gets converted https when proxy server redirects request ssl port of 1 of managed server. hence, internet explorer client never receives response of http post.
my goal here enforce https if client uses http. there problem configuration? want somehow prevent internet explorer converting http post http on receiving "302 found"
if client gets http 303 see also
code, unconditionally submit request. if client gets http 302 found
, should submit same type of request (post) on redirected url, user confirmation. may not work on older browsers tend treat 302 found
if 303 see also
.
anyway, having form on non-secure page submit data on secure page bad idea.
the form page may corrupted , spied in way can imagine, , user cannot sure data submits data sees.
example: form has "maindata" field. intermediate phishing site can write javascript spy entered data, put hidden "maindata" field containing whatever wishes , show dummy "fakeignoredata" field user.
solution: put form page , submission page on same https server.
Comments
Post a Comment