Redirecting HTTP to HTTPS, part DUH.

It always helps to know what you are doing…

After much head bashing and tooth gnashing, I discovered that the real reason that most people recommending a solution to this problem present a client-side redirect is pretty simple:

When browsers swith from a http:// rooted URI to a https:// rooted URI, they effectively assume that they are switching to a new website (which, effectively, they are).

So, I implemented a client-side redirect by replacing the default “https required” IIS 403.4 error page with a custom page containing this javascript code:

function goElseWhere()
{

var oldURL = window.location.hostname + window.location.pathname;

var newURL = "https://" + oldURL;

query = '' + window.location;
position = query.indexOf('?');
if (position > -1)
{
query = query.substring(position + 1);
newURL = newURL + "?" + query;
}

window.location = newURL;

}
goElseWhere();

// end hide -->

Unfortunately, this still does not work for MS Office programs. Office refuses to recognize a redirect request (be it either server or client based), so anyone attempting a manual save to an http:// rooted URI will just get an error. Nothing to be done for it... it is an office bug. Report it to the Office team, it is not my fault.

Advertisements