How to redirect from HTTPS to HTTP without annoying error messages

http redirect https http-status-code-302
31,101

Solution 1

I am considering black-listing IE6 so that only it gets the slow meta refresh and everyone else gets the fast 302.

I would do something like that. Also include a plain HTML link in the body for accessibility.

Note that some other browsers do give a similar warning about leaving an HTTPS site, but in their case it is accompanied by a (generally pre-ticked) “don't ask me again” button. So by the time they get to your site they will almost certainly have told that warning to disappear. This doesn't make the warning less pointless, but at least it alleviates the problem.

  1. The secure server sends a 302 redirect to the client

You shouldn't 302 in response to POST. A theoretical browser that took the HTTP RFC seriously might respond to that by re-POSTing the form to the new URL. (Which, ironically, would make IE6's warning about information “being retransmitted to a nonsecure site” less misleading.) Instead use “303 See other”.

Solution 2

Reviving an old topic , but to make it compelete posting the following so other devs can have a choice of implementation

One way of moving bettween https to http without a warning message is to use client redirect using javascript.

Steps

  1. User enters login details on a https form and click on login button
  2. login button will post back to https form for login validation ( assuming login is correct) will redirect to a holding page which is also under https and displays the message ( please wait while the site redirects you)
  3. This holding page does a javascript redirect to the http page

no browser warning message will be displayed

HTH

Solution 3

I don't think there's any other way. That error message is for the user's benefit, and is present in IE 7 and Firefox 3 now as well. The only way that I know of to prevent it is to add your site as trusted within the browser.

Update: Oh, so it's not the mixed content error. I know which one you mean, though I still don't think you can disable the error. Generally, security errors are for the users benefit to protect them from potentially dangerous sites, and as such, cannot be disable by the (potentially unsafe) website itself.

Share:
31,101
Mr. Shiny and New 安宇
Author by

Mr. Shiny and New 安宇

I'm a software developer. Lately I work in PHP on Magento 2. Previously I worked in J2EE, SQL, HTML, JavaScript and CSS. My free time is spent raising a daughter and a son and indoctrinating them in the cult of Lego.

Updated on December 10, 2020

Comments

  • Mr. Shiny and New 安宇
    Mr. Shiny and New 安宇 over 3 years

    I want to redirect users, after HTTPS login, to the HTTP pages on the site. Using HTTPS for the whole site is not going to happen.

    What I have so far is the following:

    1. User posts the login form to the secure site
      • The secure server validates the credentials
      • The secure server sends a 302 redirect to the client

    This works, except on my machine in IE6 the user gets an error message because the default is to warn when exiting a secure page. These errors are a usability killer for me and thus a showstopper. I changed it so that step 3 is

    • Server sends html code with a meta refresh

    But this is very slow; even on my local machine it's noticeably slower than doing the 302 redirect.

    Is there a better way to accomplish the goal of a hassle-free redirection on standard settings that people use? IE6 represents 20%-25% of our traffic. Also, does anyone have any good info about which browsers will warn and which won't warn for the 302 redirect? I am considering black-listing IE6 so that only it gets the slow meta refresh and everyone else gets the fast 302.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

IIS HTTP to HTTPS relative redirect
Redirect from secure https to http for only one page
Redirect HTTPS to HTTP permanently, from Apache VirtualHost
How to work around POST being changed to GET on 302 redirect?
HTTP to HTTPS redirect even for IP
"Remove the following redirect chain if possible" on Nginx
nginx redirect http to https not working
HAProxy redirect HTTPS to HTTP
Redirect from http to https
How to redirect HTTP to HTTPS on AWS Application Load Balancer?