Redirect secure 'https' requests using getPageContext() and isSecure()
Working on a site using a shared ssl, where only 2 specific pages of the site are required to operate under the https:// SSL prefix, I needed a quick way to check whether a page request for either of those pages was using the 'https' prefix - if not, redirect, adding the 's'. Likewise, all other pages, we want to make sure they are not using the 's' and redirect without it.
I found this blog post, which got me started: http://www.chapter31.com/2007/07/21/detecting-and-redirecting-http-to-https/
Using the fun and interesting CF goodies
getPageContext() and isSecure()
<!--- REDIRECTION TO SSL / non-SSL --->
<cfset secureRequest = getPageContext().getRequest() />
<!--- for these pages, redirect to secure (https) page --->
<cfif cgi.SCRIPT_NAME contains 'payment.cfm' OR cgi.SCRIPT_NAME contains 'payment_response.cfm'>
<cfif NOT secureRequest.isSecure()>
<cflocation url="https://#secureRequest.getServerName()##secureRequest.getRequestURI()#?#secureRequest.getQueryString()#" addtoken="false" />
</cfif>
<cfelse>
<!--- for all other pages, redirect to non-secure (http) page --->
<cfif secureRequest.isSecure()>
<cflocation url="http://#secureRequest.getServerName()##secureRequest.getRequestURI()#?#secureRequest.getQueryString()#" addtoken="false" />
</cfif>
</cfif>
Quick and simple.
@people: if the redirection isn't what it should be, try dumping out the isSecure results to see what you're getting!