Do incoming https posts require https URL's

beej asked:

We would like to have HTTP posts from secure servers be secure on our end.

Do the posts need to be made to https://ourserver.com, or does it work to post to http://ourserver.com, and then redirect to https via htaccess?

It would be nice if the latter were true in some fashion, as we’re looking at 100’s of URL’s that would need to be updated manually.

My answer:


You should post directly to an https: URL.

User agents do not resubmit the POST request if the response was a 301 or 302. And while the 307 status code can be used to indicate that the POST request should be resubmitted, most user agents do not support it.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.