Yii Framework Forum: Forcing Https in Yii - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Forcing Https in Yii What is the best way to force Yii to serve a page with https? Rate Topic: -----

#1 User is offline   Pablovp 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 10
  • Joined: 12-April 11
  • Location:Bratislava

Posted 03 November 2011 - 06:34 AM

Hi! I'm using the filter class http://www.jaburo.net/?p=40 made by Edgar Ngwenya, which I think works pretty cool.
class HttpsFilter extends CFilter 
{
    protected function preFilter($filterChain) 
    {
        if ( !Yii::app()->getRequest()->isSecureConnection ) 
        {
            # Redirect to the secure version of the page.
            $url = 'https://' .
                Yii::app()->getRequest()->serverName .
                Yii::app()->getRequest()->requestUri;
                Yii::app()->request->redirect($url);
            return false;
        }
        return true;
    }
}

The problem is that once the filter is called, the secure connection stays activated, when what I want is have https just in certain pages (actions) of my site.

So what I have done is copy the filter to make a HttpFilter.php
class HttpFilter extends CFilter 
{
    protected function preFilter($filterChain) 
    {
        if ( Yii::app()->getRequest()->isSecureConnection ) 
        {
            $url = 'http://' .
                Yii::app()->getRequest()->serverName .
                Yii::app()->getRequest()->requestUri;
                Yii::app()->request->redirect($url);
            return false;
        }
        return true;
    }
}


And I add the filter in the controller for the actions where I don't want https:
public function filters()
    {
        return array(
            'https +new, payment',
            'http +index, complete'
        );
    }


This works, but I'm not sure if it's a good approach. What do you think?

Thanks, Pablo.
0

#2 User is offline   windsor 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 63
  • Joined: 04-October 11
  • Location:Tampa, FL

Posted 18 November 2011 - 05:39 PM

This is a good question. I would also like to know the answer. Please post back if you have resolved it. Thanks!
0

#3 User is offline   ScallioXTX 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 54
  • Joined: 14-September 09
  • Location:The Netherlands

Posted 19 November 2011 - 07:01 AM

The principle of this method sounds perfectly fine, but filtering http(s) at this point is pretty late, because Yii has already started up and everything. It would be better to catch an redirect the request earlier.
I would do this in the .htaccess file.
Also make sure that your application creates the correct URLs for the different part so you avoid redirects as much as possible.

So instead of making a link for http and relying on .htaccess to rewrite to https make the link to https directly. This will save one rewrite and thus be faster.

A good example for the .htaccess can be found here http://www.sitepoint...-with-.htaccess
Pure mathematics is, in its way, the poetry of logical ideas.
-- A. Einstein

Follow me on twitter, @scallioxtx
1

#4 User is offline   Pablovp 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 10
  • Joined: 12-April 11
  • Location:Bratislava

Posted 15 February 2012 - 05:31 PM

Now that I have had a little bit of time to go back to this topic, I have understood what I was doing wrong.

So I'm keeping the HttpsFilter of Jarubo, but I have removed my stupid HttpFilter:
public function filters()
    {
        return array(
            'https +new, payment',
        );
    }


And then I'm creating the CHtml::link using CController:createAbsoluteUrl like:
CHtml::link('Subscribe', $this->createAbsoluteUrl('subscription/new',array(),'https'))


And also using it in the last redirect to close the secure connection.
$this->redirect($this->createAbsoluteUrl('subscription/complete',array(),'http'));


Thanks, Pablo.
2

#5 User is offline   willowdan 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 26
  • Joined: 03-September 10

Posted 07 March 2012 - 09:30 AM

Just want to ask, isn't it better and faster to use .htaccess in forcing https?

Many thanks
0

#6 User is offline   ThePaulius 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 126
  • Joined: 17-February 12

Posted 20 March 2012 - 12:31 PM

View PostScallioXTX, on 19 November 2011 - 07:01 AM, said:

So instead of making a link for http and relying on .htaccess to rewrite to https make the link to https directly. This will save one rewrite and thus be faster.


Thanks I also followed the guide on www.jaburo.net/?p=40

But ended up using .htaccess due to it not working and my lack of time to learn/debug. Im also using Yii User, RSBAC and Bootstrap so im guessing my default controller isnt whats driving the ship.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]


:blink:
0

#7 User is offline   jowen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 191
  • Joined: 13-July 11
  • Location:Malaysia

Posted 15 June 2012 - 10:58 AM

Hi guys,

I follow the guild link. https only allow at login page not overall page. That is good news but somehow it always say can't establish a connection to the server at localhost when i click the https://.../login page and other pages still work fine using http. Anyone face this problem before?
Pls help. Thx

    
Unable to connect

Firefox can't establish a connection to the server at localhost.

  The site could be temporarily unavailable or too busy. Try again in a few
    moments.
  If you are unable to load any pages, check your computer's network
    connection.
  If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web.

0

#8 User is offline   za_al 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 53
  • Joined: 06-March 12

Posted 29 September 2012 - 06:03 AM

According to my research.

All pages better to use protocol Ssl. Because the session key will transmitted on to other pages.

If the pages do not transmitted information securely, will cause a user session to be stolen
0

#9 User is offline   Cade 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 8
  • Joined: 04-July 12

Posted 23 November 2012 - 05:18 PM

I found a mixture of www.jaburo.net/?p=40 and yii's filter guide was the best solution as I wanted to redirect to HTTPS only on my proper server, whilst on my test server i wanted to keep with HTTP since I didn't have a proper SSL.

I defined the following in the main.php config (under params):
'force_https' => TRUE,

This is my HTTPS Filter (stored under protected/filters):
class HttpsFilter extends CFilter
{
	public $bypass = FALSE;

	protected function preFilter( $filterChain )
	{
		if((!Yii::app()->getRequest()->isSecureConnection) && (!$this->bypass))
		{
			# Redirect to the secure version of the page.
			$url = 'https://' .
				Yii::app()->getRequest()->serverName .
				Yii::app()->getRequest()->requestUri;
				Yii::app()->request->redirect($url);
			return false;
		}
		return true;
    }
}


then in the Controller I have:
	public function filters()
	{
		return array(
			array(
				'application.filters.HttpsFilter + login',
				'bypass' => !Yii::app()->params['force_https'],
			),
		);
	}



With the above approach, I can have a different config file on the main server and test server and if force_https is TRUE, it will redirect my login page, otherwise it will just skip through this validator.
Regards,
Cade

Current Projects
You Do It List: http://youdoitlist.com.au
2

#10 User is offline   romdoni 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 10-March 14

Posted 23 June 2014 - 05:44 AM

it's doesn't works for me
i always get looping page and give me an error "This webpage has a redirect loop"

Would you mind to help me, it was made me totaly stress
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users