NYCPHP Meetup

NYPHP.org

[nycphp-talk] Fix for IE Security Alert " You are about to be redirected to a connection that is not secure"

Cliff Hirsch cliff at pinestream.com
Sat Jun 16 13:06:04 EDT 2007


On 6/16/07 12:15 PM, "Andy Dirnberger" <dirn at dirnonline.com> wrote:

> It looks like all the C# does is decode the URL of the page to which you
> want to redirect.  The page then uses JavaScript (window.location.replace)
> to actually handle the redirect.
> 
> You should be able to accomplish this with something like:
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> <?php
>   $to = urldecode ($_GET ['to']);
> ?>
> <html xmlns="http://www.w3.org/1999/xhtml" >
>   <head>
>     <script type="text/javascript" language="javascript">
>       <!--
>         window.location.replace ("<?php echo $to; ?>");
>       -->
>     </script>
>     <title></title>
>   </head>
>   <body></body>
> </html>

I finally analyzed the Yahoo login, and the above solution is very similar.
Here's how Yahoo does it -- very nice, multiple levels of fallback. The page
below is still https, so you don't get the IE https -> http warning.

<html>
<head>
<script language="JavaScript">
<!--
window.location.replace("http://finance.yahoo.com/");
// -->
</script>
<meta http-equiv="Refresh" content="0; url=http://finance.yahoo.com/">
</head>
<body>
If you are seeing this page, your browser settings prevent you
from automatically redirecting to a new URL.
<p>
Please <a href="http://finance.yahoo.com/">click here</a> to continue.
</body>
</html>





More information about the talk mailing list