I've recently switched our login mechanism, and our API, over to SSL (https:// vs http://)
I am using the following:
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} danipad [NC,OR]
RewriteCond %{REQUEST_URI} api [NC,OR]
RewriteCond %{REQUEST_URI} members/join [NC,OR]
RewriteCond %{REQUEST_URI} members/login [NC,OR]
RewriteCond %{REQUEST_URI} members/edit_profile [NC,OR]
RewriteCond %{REQUEST_URI} members/edit_membership [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
My problem is that there are third-party applications that still make POST requests to the api (specifically, to retrieve an access token as part of the OAuth process). The problem is that 301 redirects do not preserve POST data. What kind of workaround can I implement that requires all API requests to connect over SSL while still being backwards compatible?