0

I have just added support SSL on my website

However unlike most websites if you go to Http it doesn't automatically change to Https The system administrator resolved this by configuring a permanent redirect 301, however the server is also used to verify licenses from my Java desktop application, and the permanent redirect caused the code to fail because it just receives Http response 301 so we had to remove the 301

So is there another way for a user to enter the non ssl url and it change to the secure version without breaking my application code that makes calls to non ssl url as well.

Paul Taylor
  • 13,411
  • 42
  • 184
  • 351

1 Answers1

0

FOR BROWSER(S) ONLY you can redirect with meta-refresh or javascript instead of HTTP; Java won't interpret meta or js even if your response to an application request is HTML, which APIs usually aren't. This is not a permanent redirect so it satisfies the constraint unnecessarily stated in your Q, but you could add HSTS (on the HTTPS connection only) so that subsequent browser requests to this domain (and optionally any subdomains) are forced to HTTPS before sending, for a period of time (commonly several months or a year).

dave_thompson_085
  • 34,712
  • 6
  • 50
  • 70
  • What I dont really understand is the solution make it sounds like I put something into my http page to redirect to my https page, but i only have one page. Whether user inputs http or https they get same page, so what happens if they are already on https page and then redirect ? – Paul Taylor Oct 07 '21 at 06:54
  • URLs with the same path but different schemes are different URLs, e.g. `http://myhost/xyz` and `https://myhost/xyz`, and your server must handle them differently. That was already true with 301 -- if you respond to both http request and https request with `status=301 location=https://blah` then it's an infinite redirect and causes browser to fail. (In fact there have been numerous Qs for various systems with exactly that mistake.) – dave_thompson_085 Oct 07 '21 at 20:54
  • I realize they are different urls and I dont know exaclty how it works Im not a system adminstrator but they both get served the same webpage, I dont have a https and a http version of the same page, Im using Apache tomcat and my application is a Java war file if that is relevant. – Paul Taylor Oct 07 '21 at 20:59