In this article I will describe how to manage URL management for secure sites and non-secure sites.
The content of the secure site is sent using the HTTPSSSL (Secure Sockets Layer) protocol, rather than the secure site using the HTTP protocol. To describe the simple, we call the former HTTPS content/page, the latter ' HTTP ' content/page. A demanding site usually requires some pages to use HTTPS, and some pages to use HTTP. For example, to prevent password sniffing, our login page uses HTTPS, and in order to relieve server pressure, we use HTTP for insensitive pages (for example, home pages).
When we are on the HTTPS page we will need to generate an HTTP page URL and vice versa. For example, a site has a main menu that all pages use, and the main menu contains links to HTTPS (for example, login pages) and HTTP (for example, about pages). If we are on an HTTP page, we can link directly to other HTTP pages (for example:/about), but we have to use an absolute URL address to link to other HTTPS pages using the HTTPS protocol. Ibid. If we are on the HTTPS page, we will also encounter a similar situation.
Another scenario is that we use the HTTP protocol request and Security page, we should redirect the browser to use the HTTPS protocol, and vice versa. The redefinition is typically 301 permanent redirection. This may be implemented using the rewrite rules of the Web server. But if we want to refine the security and non-secure pages, the rewrite rules can become very complex.
In order to achieve the above two requirements, we can inherit Curlmanager, as follows
Class Urlmanager extends curlmanager{/** * @var host information in string non-SSL mode */Public $hostInfo = ' http://localhost ‘; /** * @var host information in string SSL mode */Public $secureHostInfo = ' https://localhost '; /** * @var Array only the list of routes available in SSL mode. * Each item of an array can be either a URL route (example, ' site/create ') * or a controller ID (example, ' Settings '). The latter indicates that all actions of the controller are security pages */Public $secureRoutes = Array (); Public Function CreateURL ($route, $params = Array (), $ampersand = ' & ') {$url = Parent::createurl ($route, $p Arams, $ampersand); If the absolute URL has been returned directly if (Strpos ($url, ' http ') = = = 0) {return $url; }//Check whether the current protocol is the expected protocol//if not, you need to use the correct host information when generating the URL $secureRoute = $this->issecureroute ($route); if (Yii::app ()->request->issecureconnection) {return $secureRoute? $url: $this->hostinfo. $url ; } else {return $secureRoute? $this->securehostinfo. $url: $url; }} public function parseURL ($request) {$route = parent::p arseurl ($request); If the current protocol does not conform to the expected protocol, perform a 301 redirect $secureRoute = $this->issecureroute ($route); $sslRequest = $request->issecureconnection; if ($secureRoute!== $sslRequest) {$hostInfo = $secureRoute? $this->securehostinfo: $this->hostinfo; if ((Strpos ($hostInfo, ' https ') = = = 0) xor $sslRequest) {$request->redirect ($hostInfo. $requ Est->url, True, 301); }} return $route; } private $_securemap; /** * @param string needs to check the URL route * @return whether the boolean-given URL route should be in SSL mode */protected function Issecurero Ute ($route) {if ($this->_securemap = = = null) {foreach ($this->secureroutes as $r) { $this->_securemap[strtolower ($r)] = true; }} $route = Strtolower ($route); if (Isset ($this->_securemap[$route])) {return true; } else {return ($pos = Strpos ($route, '/'))!== false && isset ($this->_secu Remap[substr ($route, 0, $pos)]); } }}
Now, in the configuration of the application, we should use our URL Manager instead of the default.
Return Array ( //..... Components ' = = Array (' urlmanager ' = = Array ( ' class ' = ' Urlmanager ', ' urlformat ' = ' path '), ' hostinfo ' = ' http://example.com ', ' securehostinfo ' = ' https://example.com ', ' secureroutes ' = > Array ( ' Site/login ', //Site/login action ' site/signup ', //site/signup action ' Settings ', //All actions of Settingscontroller),),) ;
In the code above, we configured the Urlmanager login, registration, and all settings pages as secure pages. If you want to add additional pages, simply add the appropriate content to the Secureroutes array.
Now we can use the Yii::app ()->createurl () method to create the URL address as usual. Our Urlmanager will automatically determine if a suitable prefix is required and the URL Manager will perform a 301 redirect if necessary.
Yii Framework – URL management for secure sites and non-secure sites