What is the proper way to handle shifting the user from HTTPS back to HTTP in WebFlow?
My site has several situations where a user goes through a WebFlow that require SSL. These can be Login, Registration, and other form based flows. When the user is done with the flow they need to go back to HTTP. The client unfortunately hates the HTTPS-HTTP 302/303 redirect warnings the browser gives you complaining about moving from secure to insecure.
The only way I know to get around this is to use an HTML meta redirect tag.
The bad thing about this is that when I submit my HTTPS form, WebFlow sends an HTTP redirect back to the browser telling it to load the new view. The user goes back to the serve and WebFlow serves up the page with the meta redirect tag. They then go back to the server again and finally get the page they want (after two redirects).Code:<meta http-equiv="refresh" content="2;url=http://coca-cola.com/someInsecurePage">
I've also seen this useful tag in WebFlow...
...which turns off POST redirects. Unfortunately it does it for every flow you have and then you have to put redirect: in all of your views...Code:<webflow:flow-execution-attributes> <webflow:always-redirect-on-pause value="false"/> </webflow:flow-execution-attributes>
Am I missing a much better way to handle this?
Is there a way to tell Spring to skip the redirect on just one view?