Link to home
Start Free TrialLog in
Avatar of Frosty555
Frosty555Flag for Canada

asked on

Is it valid/safe to do a cross-domain HTTP redirect ?

This is more of a quick confirmation than anything else because I think I already know the answer...

Lets also say that I happen to have a Windows small business server for my local network. My corporate domain is "ACMESPROKS" or "acmesproks.com". I've registered a domain name for accessing my server from the internet:

http://remote.acmespoks.com

The above URL is used for, as an example, the company Intranet like Remote Web Workplace, or Outlook Web Access or something similar.


Lets say I also had an internet website for my company,. hosted with a third party web host and I registered a separate domain for this purpose:

http://www.acmesprocketscompany.com

Is it safe and valid for me to set up an HTTP redirect as follows:

http://www.acmesproketscompany.com/remote/index.php

       -- Uses the header("Location: xxx") function to redirect to --

http://remote.acmesprok.com

Is it okay to do a cross-domain redirect like that? Or does that break any web best practices or present any security issues?
ASKER CERTIFIED SOLUTION
Avatar of Gary
Gary
Flag of Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I agree with Gary, looks fine to me.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi,

Similar to above comments; The redirect just works fine.  

However, looking back at your requirement,

http://www.acmesprocketscompany.com is for general public

while http://remote.acmespoks.com is for Intranet/your team access

What I can think of is to totally separate them together, and get the intranet server running on some secure connection.  HTTPS maybe.  Get yourself a self-signed certificate to secure the connection.

My 1cents.