如何让IE6在从https到http的跳转中不出安全提示

最新推荐文章于 2024-04-08 19:51:02 发布

sandysong28

最新推荐文章于 2024-04-08 19:51:02 发布

阅读量3.5k

点赞数

文章标签： ie hyperlink reference redirect user output

本文链接：https://blog.csdn.net/sandysong28/article/details/6532601

版权

如果你的产品有从https到http的跳转（在登录的时候经常遇到），遇上IE6的话，会弹出一个安全提示，提示你从正在跳入不安全的网页。这个虽然是合理的，但是对用户来说不是很爽。

网上搜了一下解决方案，其中有个家伙说使用303 See Other的话，可以避免这个问题，详细介绍请移步：http://stackoverflow.com/questions/651772/how-to-redirect-from-https-to-http-without-annoying-error-messages

经过尝试，证实这个方法不行，根据rfc2616介绍：

10.3.4 303 See Other

The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource. The 303 response MUST NOT be cached, but the response to the second (redirected) request might be cacheable.

The different URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

      Note: Many pre-HTTP/1.1 user agents do not understand the 303
      status. When interoperability with such clients is a concern, the
      302 status code may be used instead, since most user agents react
      to a 302 response as described here for 303.

猜测浏览器可能都把303当做302处理的，似乎303只是为了在处理POST请求时跳转到其他resource用的。

最后嘛，不得不用土办法，一个是在js中跳转，一个是在meta中refresh：

//js jump
echo "<mce:script type="text/javascript"><!--
window.location=/"{$strUrl}/";
// --></mce:script>"; 

//meta refresh
echo "<meta http-equiv=/"refresh/" content=/"0; url={$strUrl}/" />";