No, you can't just redirect, because then you are submitting insecure content anyway, the redirect to https would be meaningless since the request was already visible.
You should be using relative urls. where /
is the same as just the domain name
/
= domain.com
/page
= domain.com/page
without the leading /
the url is relative to the current uri (minus the query vars):
So, from http://domain.com/page
-
action: foo
= http://domain.com/page/foo
action: /foo
= http://domain.com/foo
http or https will be preserved this way.
Another way is to lead the domain with 2 slashes action: //domain.com
though i think older IE versions don't get it.