On 10/5/05, Martin Matusiak <numerodix@...> wrote:
> I need a way to check whether the current servlet was accessed through ht=
> or not. If not, I want to rewrite the url to https and inform the user. H=
> can I check this?
> I'm using webware 0.8.
Here is what I do in one of my apps: In SitePage, which is the
ancestor class of all my pages, I have:
=09requiredProtocol =3D 'http://' # subclasses could override to be
'https://'. logic in _respond() does the right thing
then in particular servlets, I say:
=09requiredProtocol =3D 'https://'
The code that enforces this is in SitePage and follows. "It works for
me." Also, Christoph's technique of checking the port looks
interesting as it removes the reliance on SCRIPT_URI which on older
versions of Apache (I don't know about newer ones) only exists if
mod_rewrite is on.
=09def _respond(self, trans):
=09=09req =3D self.request()
=09=09uri =3D req.environ().get('SCRIPT_URI', None)
=09=09if uri is not None: # SCRIPT_URI is not standard. typically
provided by mod_rewrite
=09=09=09if self.isProduction: # typically only prod has https:// working
=09=09=09=09if req.method()!=3D'POST': # there's no way to redirect a user
agent to POST to diff URL
=09=09=09=09=09if not uri.startswith(self.requiredProtocol) and not
=09=09=09=09=09=09# okay, the URI is *not* using the required protocol. fix=
=09=09=09=09=09=09qs =3D req.queryString()
=09=09=09=09=09=09qs =3D qs and '?'+qs or ''
=09=09=09=09=09=09uri =3D self.requiredProtocol + uri.split('://', 1) + =
=09=09=09=09=09=09uri =3D uri.replace('/www.', '/') # SCRIPT_URI seems to a=
include the host name, but at SA we do the opposite