HTTP/HTTPS，没有index.php，使用htaccess，加上XHR

删除index.php并强制使用HTTP/HTTPS 我读过很多关于人们试图对某些视图强制使用HTTPS并为其他视图返回HTTP的帖子。我也为此苦苦挣扎了一段时间，但我认为这个解决方案非常可靠。第一个

删除index.php并强制使用HTTP/HTTPS

我读过很多关于人们试图对某些视图强制使用 HTTPS 而对其他视图返回 HTTP 的帖子。我也为此苦苦挣扎了一段时间，但我认为这个解决方案非常可靠。

首先，让你的 base_url 在 http 和 https 之间自动调整让一切变得更加容易。这样您的所有 base_url() 和 site_url() 调用都具有正确的协议。

<code><span><span>$config[</span><span>'base_url'</span><span>] </span><span>= </span><span>"http"</span><span>.((isset(</span><span>$_SERVER[</span><span>'HTTPS'</span><span>]</span><span>) && </span><span>$_SERVER[</span><span>'HTTPS'</span><span>] </span><span>== </span><span>"on"</span><span>) ? </span><span>"s" </span><span>: </span><span>""</span><span>).</span><span>"://"</span><span>.</span><span>$_SERVER[</span><span>'HTTP_HOST'</span><span>]</span><span>.</span><span>str_replace</span><span>(</span><span>basename</span><span>(</span><span>$_SERVER[</span><span>'SCRIPT_NAME'</span><span>]</span><span>),</span><span>""</span><span>,</span><span>$_SERVER[</span><span>'SCRIPT_NAME'</span><span>]</span><span>); </span></span>

$config[

'base_url'

<span><span><</span><span>IfModule mod_rewrite</span><span>.</span><span>c</span><span>><br>     </span><span>RewriteEngine on<br>     Options </span><span>+</span><span>FollowSymLinks<br>     RewriteBase </span><span>/<br>     <br>     </span><span>RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>f<br>     RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>d<br>     RewriteRule </span><span>^(.*)$ </span><span>index</span><span>.</span><span>php</span><span>/$</span><span>1<br> </span><span></</span><span>IfModule</span><span>><br> <br> <</span><span>IfModule </span><span>!</span><span>mod_rewrite</span><span>.</span><span>c</span><span>><br>     </span><span>ErrorDocument 404 </span><span>/</span><span>index</span><span>.</span><span>php<br> </span><span></</span><span>IfModule</span><span>> </span></span>] 

= 

"http"<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br> RewriteCond </span><span>%</span><span>{HTTPS} on </span></span>

.((isset(

$_SERVER[

<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br> RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>'HTTPS'

]

) && <span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br> RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br> </span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>

$_SERVER[

'HTTPS'

<span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br> RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>] 

== 

“开启”） ? “s” : "")。"://"。$_SERVER[ 'HTTP_HOST'].str_replace(基本名称($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']）；  从通常的 htaccess 文件开始： IfModule mod_rewrite.c><br>     RewriteEngine 开启<br>     选项 +FollowSymLinks<br>     RewriteBase /<br>     <br>     RewriteCond %{REQUEST_FILENAME} !-f<br>     RewriteCond %{REQUEST_FILENAME} !-d<br>     RewriteRule ^(.*)$ 索引.php/$1 IfModule><br> <br> IfModule !mod_rewrite.c><br>     错误文档 404 /索引.php<br> </<🎜><🎜>IfModule<🎜><🎜>>  然后您可以使用以下命令检查 HTTPS 是否已打开： RewriteCond %{HTTPS} 关闭<br> RewriteCond %{HTTPS}，位于 例如，要在所有页面上强制使用 HTTPS，您可以使用以下命令： RewriteCond %{HTTPS} 关闭<br> RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]  在某些页面上强制使用 HTTPS： RewriteCond %{HTTPS} 关闭<br> RewriteCond %{REQUEST_URI} (身份验证|注册|安全）<br> 重写规则 ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [ R=301]  返回 HTTP： RewriteCond %{HTTPS} 上<br> RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301]  要在所有其他页面上返回 HTTP，您需要为安全页面添加例外：

<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br> RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br> </span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br> <br> </span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br> RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br> </span><span>RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>

为了避免部分加密的页面，您需要为您可能使用的任何其他 URI（例如图像或脚本文件夹）添加例外。我喜欢将所有内容放在名为“static”的文件夹中 （‘static/images’、‘static/js’等）所以我只添加一个例外。

<span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>) </span></span>

成品：

<span><span><</span><span>IfModule mod_rewrite</span><span>.</span><span>c</span><span>><br>     </span><span>RewriteEngine on<br>     Options </span><span>+</span><span>FollowSymLinks<br>     RewriteBase </span><span>/<br>     <br>     </span><span>RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>f<br>     RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>d<br>     RewriteRule </span><span>^(.*)$ </span><span>index</span><span>.</span><span>php</span><span>/$</span><span>1<br> <br>     RewriteCond </span><span>%</span><span>{HTTPS} off<br>     RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>     </span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br> <br>     </span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br>     RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>     </span><span>RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br> </span><span></</span><span>IfModule</span><span>><br> <br> <</span><span>IfModule </span><span>!</span><span>mod_rewrite</span><span>.</span><span>c</span><span>><br>     </span><span>ErrorDocument 404 </span><span>/</span><span>index</span><span>.</span><span>php<br> </span><span></</span><span>IfModule</span><span>> </span></span>

HTTPS 和 XmlHttpRequest（Ajax）

当您尝试在域之间加载内容时，XHR 调用不仅会引发安全错误，而且还会在 HTTP 和 HTTPS 之间加载内容。其次，apache 传递的标头允许浏览器自动 重定向，但 XmlHttpRequest 对象不重定向。

要解决此问题，您必须为计划从一种协议访问另一种协议的任何 URI 添加例外。

示例：

<code><span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>|</span><span>categories</span><span>/</span><span>get_list</span><span>|</span><span>products</span><span>/</span><span>get_types</span><span>)<br> <br> </span><span><?</span><span>=</span><span>site_url</span><span>(</span><span>'categories/get_list'</span><span>);</span><span>?> </span></span>

RewriteCond 

%

{REQUEST_URI} 

<span><span>$route[</span><span>'xhr/(:any)'</span><span>] </span><span>= </span><span>''</span><span>; </span></span>！（静态|

auth| 注册|安全|类别/get_list|产品/get_types） =site_url('categories/get_list');？>  我很快发现，当我在安全的环境中收到大量请求时，这变得乏味且令人困惑。救援路线！ 将以下内容添加到您的路线文件中： $route['xhr/(:any)'] = '$1'; 

并将“xhr”添加到您的例外列表中；现在，您可以在应用程序中调用任何 URI，而无需更改协议，同时仍然允许浏览器使用另一个控制器查看该控制器 协议。

<span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>xhr</span><span>|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br> <br> </span><span><?</span><span>=</span><span>site_url</span><span>(</span><span>'xhr/categories/get_list'</span><span>);</span><span>?> </span></span>

希望这对您有所帮助！

菲尔