无声地将api资源移动到另一个url-Silentlymoveapiresourcestoanotherurl

3  

302,301 etc Redirects for that matter will be GET requests only .However for 307 technically the browser can make a POST request .More details here .But it is not a good idea to have a redirect which will make unnecessary round trips for every request.Also it may cause other issues like cross domain calls(If you are making Ajax REST API call or browsers will verify all the resources are loaded from https only(Mixed content warning)

302,301等重定向只会收到请求。但是对于307浏览器来说，技术上来说，浏览器可以发出一个POST请求。这里有更多的细节。但是重定向不是一个好主意，它会对每个请求造成不必要的往返。它还可能导致其他问题，如跨域调用(如果您正在进行Ajax REST API调用，或者浏览器将验证所有资源都是仅从https加载的(混合内容警告)

What is the best way to handle this https -> http redirection?

处理这个https -> http重定向的最佳方式是什么?

we should not do redirection as it can cause many issues as I was explaining above

正如我上面所解释的，我们不应该重定向，因为它会引起许多问题

Whether it is good solution at all or not?

它到底是不是一个好的解决方案?

Redirection is not a good solution in this scenario.

在这种情况下，重定向不是一个好的解决方案。

What is the best solution to silently move our users to new api url?

无声地将用户移动到新的api url的最佳解决方案是什么?

The best solution in this scenario in my opinion is to setup a transparent proxy which will do https offloading as well. This will make zero change in your client side also.Here's how we can set it up.

在我看来，在这个场景中最好的解决方案是设置一个透明的代理，它也将执行https卸载。这将使您的客户端也零更改。我们可以这样设置。

• Setup reverse proxy in IIS for any request which goes to your API.

  在IIS中设置反向代理来处理任何发送到API的请求。

  • refer this ,setup reverse proxy for api and this -Once you follow any of the above article ,you will have a urlrewrite rule like this
  • 请参考这个，设置反向代理api，如果您遵循以上任何一篇文章，您将会有一个这样的url重写规则。

  > <<系统。webserver> <重写> <动作类型="重写" url="http://server2/api/{R:1}" logRewrittenUrl="true" /> <条件> 配置网络服务器>

In this above urlrewrite rule,you will be forwarding the request to server2 if the requested url contains api which will be over http.So till this server the request will come on https and from there it will go to server 2 on http.but this happens wihout the client's knowledge. And this will be local request(not over internet) and the latency is negligible.So the flow will be like this

在上面的urlrewrite规则中，如果请求的url包含http上的api，那么就会将请求转发给server2。因此，在此服务器之前，请求将会出现在https上，然后它将在http上运行到服务器2。但这种情况会影响客户的知识。这将是本地请求(不是通过internet)，延迟是可以忽略的。所以流是这样的

Browser =>https(https://example.com/api/products/2) => http(http://server2/api/products/2)

浏览器= > https(https://example.com/api/products/2)= > http(http://server2/api/products/2)

• Remove the API code from your original website completely. Including the redirect logic ,this will make your website completely free of API implementation
• 完全从原始网站上删除API代码。包括重定向逻辑，这将使您的网站完全没有API实现

just summarizing the advantages of this approach

总结一下这种方法的优点。

1. At the client side there is no change required, Clients will not even know that something like this is happening. So no extra round trips on the client side.
2. 在客户端，不需要任何更改，客户甚至不知道正在发生这样的事情。所以在客户端没有额外的往返行程。
3. Your traffic will be full https and no https to http outside your main website.
4. 您的流量将是完全https，没有https到http以外的您的主要网站。
5. If you have the main website and API calls in the main website, it does not create cross domain calls or mixed content warnings. 4.You have completely isolated your main website from API code.
6. 如果您在主网站上有主网站和API调用，它不会创建跨域调用或混合内容警告。4所示。您已经将主站点与API代码完全隔离。