+ Start a Discussion
CheyneCheyne 

Force HTTPS on Force.com site

I have a Force.com site set up, which will be used by un-authenticated users. My site automatically has two domians associated with it

http://mydomain.force.com
https://mydomain.secure.force.com

Since users will be making purchases (using a credit card) through this site, I would like to force them to use the secure version. The URL Redirect settings on the site don't allow me to do redirects at the domain level, however, and the documentation that I have found regarding forcing HTTPS refers to users who are logged in. 

Is there a way to redirect un-authenticated users to https://mydomain.secure.force.com when they attempt to access http://mydomain.force.com?
Best Answer chosen by Cheyne
Pat PattersonPat Patterson
You can do this by adding a controller action to each page. Put the action function in an extension so you can reuse it:

Visualforce

<apex:page ... extensions="CheckSecureExtension" action="checkSecure">
...

Apex

public class CheckSecure {
    // Constructors so you can use this extension with standard record
    // and set controllers - you may have to add more as appropriate
    public CheckSecure(ApexPages.StandardController controller) {
    }

    public CheckSecure(ApexPages.StandardSetController controller) {
    }

    public PageReference checkSecure() {
        if (System.URL.getSalesforceBaseUrl().getProtocol().equals('http')) {
            // Not handling query params here - straightforward to add that if necessary
            return new PageReference('https://mydomain.secure.force.com' +
                                     ApexPages.currentPage().getUrl());
        }

        return null;
    }
}

All Answers

Pat PattersonPat Patterson
You can do this by adding a controller action to each page. Put the action function in an extension so you can reuse it:

Visualforce

<apex:page ... extensions="CheckSecureExtension" action="checkSecure">
...

Apex

public class CheckSecure {
    // Constructors so you can use this extension with standard record
    // and set controllers - you may have to add more as appropriate
    public CheckSecure(ApexPages.StandardController controller) {
    }

    public CheckSecure(ApexPages.StandardSetController controller) {
    }

    public PageReference checkSecure() {
        if (System.URL.getSalesforceBaseUrl().getProtocol().equals('http')) {
            // Not handling query params here - straightforward to add that if necessary
            return new PageReference('https://mydomain.secure.force.com' +
                                     ApexPages.currentPage().getUrl());
        }

        return null;
    }
}
This was selected as the best answer
CheyneCheyne
Awesome, that's exactly what I was looking for. Thanks!