PHP: Persist form data across redirect

Question

I have an existing website with tons of references to http://domain.com on it. We want to enforce https on the pages, so I added a simple code snippet:

    if($_SERVER["HTTPS"] != "on") {
        die(header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]));
        exit(); // to ensure the script stops here, just in case
    }

This works, except that a lot of the files have self-referencing forms with http in the action. For example, on page.php there might be:

<form action="http://domain.com/page.php" method="post">
<input type="text" name="sample" />
<input type="submit" value="Next" />
</form>

Is there any way for me to enforce this redirect snippet from above without breaking all these forms? The goal is to avoid having to manually update each of the 100s of files doing a tedious find/replace step-through for "http/https".

Answer 1

No, you can't just redirect, because then you are submitting insecure content anyway, the redirect to https would be meaningless since the request was already visible.

You should be using relative urls. where / is the same as just the domain name

/ = domain.com

/page = domain.com/page

without the leading / the url is relative to the current uri (minus the query vars): So, from http://domain.com/page -

action: foo = http://domain.com/page/foo

action: /foo = http://domain.com/foo

http or https will be preserved this way.

Another way is to lead the domain with 2 slashes action: //domain.com though i think older IE versions don't get it.