NYCPHP Meetup

NYPHP.org

[nycphp-talk] Fix for IE Security Alert " You are about to be redirected to a connection that is not secure"

Andy Dirnberger dirn at dirnonline.com
Sat Jun 16 12:15:56 EDT 2007 

It looks like all the C# does is decode the URL of the page to which you
want to redirect.  The page then uses JavaScript (window.location.replace)
to actually handle the redirect.

You should be able to accomplish this with something like:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
  $to = urldecode ($_GET ['to']);
?>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head>
    <script type="text/javascript" language="javascript">
      <!--
        window.location.replace ("<?php echo $to; ?>");
      -->
    </script>
    <title></title>
  </head>
  <body></body>
</html>

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Cliff Hirsch
Sent: Saturday, June 16, 2007 10:38 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Fix for IE Security Alert " You are about to be
redirected to a connection that is not secure"


On 6/16/07 8:24 AM, "Cliff Hirsch" <cliff at pinestream.com> wrote:

> On 6/16/07 12:00 AM, "Allen Shaw" <ashaw at polymerdb.org> wrote:
> 
>> Cliff Hirsch wrote:
>>> When redirecting from a secure login page to a non-secure page after
logging
>>> in, Internet Explore pops up the following security alert:
>>> 
>>> ³You are about to be redirected to a connection that is not secure"
>>> 
>>> Doe anyone know how to prevent this?

I found an ASP fix: http://www.codeproject.com/useritems/switchprotocol.asp

Implement Tranz.aspx, which takes care of the script-block redirect:

<%@ Page Language="C#" Theme="" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
protected void Page_Load(object sender, EventArgs e) {
   _to = Server.UrlDecode(Request.QueryString["to"]);
}
private string _to;
protected void js() {
   Response.Write("window.location.replace(\"" + _to + "\");");
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<script type="text/javascript" language="JavaScript">
<!--
<% js(); %>
-->
</script>
<title></title></head><body></body>
</html>

Don't know what this does. Anyone have a PHP equivalent?


_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php

More information about the talk mailing list