Detecting and redirecting http to https

There was a recent thread on the mach-ii mailing list where a user wanted to detect whether a request was being made via http or https.

This is quite a common step developers take when working on a site with secure (SSL) and non-secure areas. As the list is mach-ii, there are a couple of obvious framework-specific options to take, those being Filters and Plugins. Although Peter Farrell does have an sslPlugin available, I liked the approach put forward by Matt Osbun:

<cfif Compare(cgi.SERVER_PORT,443)>
	<cflocation url="https://#cgi.server_name##cgi.path_info#?#cgi.query_string#" addtoken="false"/>
</cfif>

Now I know a lot of people don’t like using CGI scoped variables, even the more common ones, so I thought I’d try it out with getPageContext().

<!--- set up the getRequest method for easy access --->
<cfset oRequest = getPageContext().getRequest() />

<cfif compare(oRequest.getServerPort(), 443)>
	<cflocation url="https://#oRequest.getServerName()##oRequest.getRequestURI()#?#oRequest.getQueryString()#" addtoken="false" />
</cfif>

As you can see, it’s a little bit longer, but I believe it is a safer option than relying on CGI variables.

A slight modification (still using getRequest()) is to test isSecure(), which “Returns true if this protocol is secure”:

<!--- set up the getRequest method for easy access --->
<cfset oRequest = getPageContext().getRequest() />

<cfif NOT oRequest.isSecure()>
	<cflocation url="https://#oRequest.getServerName()##oRequest.getRequestURI()#?#oRequest.getQueryString()#" addtoken="false" />
</cfif>

I’m still (slowly) making my way through getPageContext(); it can provide an absolute wealth of knowledge for the ColdFusion programmer. You can view the 1.4 pagecontext docs here and the servletrequest docs here.
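A hardened variant of the isSecure() redirect, added here as an example and not code from the original post: it handles TLS terminated at a proxy (where isSecure() is false on every request and the redirect loops), a missing query string, and a redirect host taken from configuration instead of the client-supplied host name. It assumes a CFML engine with script syntax (ColdFusion 9 or later, or Lucee); httpsRedirectTarget, canonicalHost, trustForwardedProto and www.example.com are hypothetical names.

```cfml
<cfscript>
// Added example. httpsRedirectTarget, canonicalHost and trustForwardedProto are hypothetical names.

/**
 * Returns the https:// URL to redirect to, or "" when the request is already secure.
 * canonicalHost: configured host name, used instead of the client-supplied Host header.
 * trustForwardedProto: set true only when a TLS-terminating proxy in front of the
 * application overwrites X-Forwarded-Proto on every request (deployment assumption).
 */
function httpsRedirectTarget(required string canonicalHost, boolean trustForwardedProto = false) {
    var req = getPageContext().getRequest();

    // Direct TLS connection to the servlet container.
    if (req.isSecure()) {
        return "";
    }

    // TLS terminated upstream: the container only ever sees plain http, so
    // isSecure() stays false and an unconditional redirect never ends.
    if (arguments.trustForwardedProto) {
        var proto = req.getHeader("X-Forwarded-Proto"); // null when the header is absent
        if (!isNull(proto) && compareNoCase(trim(proto), "https") == 0) {
            return "";
        }
    }

    var target = "https://" & arguments.canonicalHost & req.getRequestURI();

    // getQueryString() returns null when there is no query string;
    // append "?" only when there is something to append.
    var qs = req.getQueryString();
    if (!isNull(qs) && len(qs)) {
        target &= "?" & qs;
    }
    return target;
}

// Constructed sample configuration: replace the host with the site's own.
redirectTo = httpsRedirectTarget(canonicalHost = "www.example.com", trustForwardedProto = true);
if (len(redirectTo)) {
    location(url = redirectTo, addToken = false);
}
</cfscript>
```

Call it from onRequestStart() in Application.cfc. Leave trustForwardedProto false unless the proxy removes any X-Forwarded-Proto header sent by the client, since otherwise a client can claim the request was secure.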


10 Comments

  1. July 21, 2007 at 4:24 pm | Permalink

    Nice post! I love the .isSecure() function a lot – who hasn’t had to deal with this scenario.

    I have been trying to explore the GetPageContext() also. You might want to see what I have so far:

    http://www.bennadel.com/index.cfm?dax=blog:758.view

    I have not gone through the GetRequest() object yet (although I do use the GetRequestURL() string buffer sometimes).

    Anyway, now I want to go and jump into it again :)

  2. July 22, 2007 at 10:38 pm | Permalink

    Thanks Ben, wow you’ve certainly been exploring getPageContext() hehe!

    Excellent :)

  3. Nienna
    April 3, 2008 at 3:12 am | Permalink

    Thank you! this really helped me with a problem

  4. April 27, 2008 at 9:26 pm | Permalink

    thanked post

  5. May 19, 2009 at 1:02 pm | Permalink

    thanks:but

    sticks me in an infinite loop

  6. May 19, 2009 at 1:03 pm | Permalink

    the 3rd piece of code puts me in an infinite loop

  7. May 20, 2009 at 4:18 am | Permalink

    @Nikos – Not sure if this page was caching on an old draft, the 3rd example works fine but you should check that you have

    cfif NOT oRequest.isSecure()

    Note the “isSecure()”

  8. May 20, 2009 at 8:41 am | Permalink

    Yeah I’ve put cfif NOT oRequest.isSecure() in but I still get the same problem.

    I’ve also cleared my browser cache

  9. May 20, 2009 at 9:37 am | Permalink

    Not sure what I can tell you except I have it running in multiple production sites! Here is a slightly different version…from a live site:

    Inside onRequestStart()
    ——————————————
    <cfscript>
    oRequest = getPageContext().getRequest();
    request.isSecure = oRequest.isSecure();
    </cfscript>

    Inside a shopping cart page
    ——————————————
    <cfif NOT request.isSecure>
    <cflocation url="#application.config.httpsURL#" addtoken="false">
    </cfif>

  10. November 19, 2009 at 2:46 pm | Permalink

    Thanks for this, worked great to redirect some login pages.

One Trackback

  1. [...] I had a way of detecting whether page requests were being made via ssl but today I came across a scenario where this doesn’t work. Let me [...]
