这是一个修复 Wordpress 在使用 Cloudflare Flexible SSL 时,出现无限个重定向循环的问题的插件和原理介绍:
https://www.icontrolwp.com/2014/10/enabling-cloudflares-universal-flexible-ssl-wordpress-without-infinite-redirect-loops/其中写到:
As with all things that are simple, when combined with WordPress it’s never, ever as easy as you’d like.
You can’t just pop into CloudFlare and turn on Flexible SSL.
Why? Because with Flexible SSL, the web requests that hit your actual WordPress site are actually still “non-SSL”. This means that when WordPress responds with assets/links, it’s still using the non-SSL protocol: “HTTP://” instead of “HTTPS://”.
You need a way to “trick” WordPress into serving the site as-if it’s actually running on HTTPS.
To facilitate this, we’ve created a very simple WordPress plugin to do just that. It examines the traffic and request headers coming to your WordPress site and if it sees it’s coming from CloudFlare, and it’s HTTPS, we turn on SSL for WordPress, tricking it into believing it’s an HTTPS/SSL connection.
当你使用 Flexible SSL 时,(Cloudflare)向你用于搭建 Wordpress 的主机发送的 Web 请求,自然而然不经 SSL 。这意味着 Wordpress 响应请求时发出的元素/链接,都非 SSL 连接。链接将仍使用 HTTP 而不是 HTTPS 协议。
插件的 PHP 代码是这样写的:
if ( isset( $_SERVER['HTTP_CF_VISITOR'] ) && strpos( $_SERVER['HTTP_CF_VISITOR'], 'https' ) !== false ) {
$_SERVER['HTTPS'] = 'on';
}
我的疑问:
经过我的测试,为什么除了 Wordpress 之外的许多程序都没有这个问题呢?按这个原理,Flexible SSL时,其他PHP程序也会响应 non-SSL的元素/链接,用户浏览器访问的依然是 HTTPS 的元素/链接,可是丝毫没有无限死循环的问题。
谁能更清楚的解释一下这方面的原理呢?