Removing index.php and forcing HTTP/HTTPS I have read many posts about people trying to force HTTPS for some views and returning to HTTP for others. I struggled with this for a while too but I think this solution is pretty solid. First of

Removing index.php and forcing HTTP/HTTPSIfModule mod_rewriteIfModuleIfModule IfModuleIfModule mod_rewriteIfModuleIfModule IfModule>

HTTPS and XmlHttpRequests (Ajax)

Not only do XHR calls throw security errors when you try to load content between domains but also between HTTP and HTTPS. Secondly, the headers passed by apache allow browsers to automatically redirect but the XmlHttpRequest object does not.

To solve this you would have to add an exception for any URI that you planned on accessing from one protocol to another.

Example:

RewriteCond %{REQUEST_URI} !(static|auth|register|secure|categories/get_list|products/get_types)

=site_url('categories/get_list');?>

I quickly found out that this became tedious and confusing when I had a lot of requests in a secure environment. Routes to the rescue!

By adding the following to your routes file:

$route['xhr/(:any)'] = '$1';

And adding ‘xhr’ to your list of exceptions; you can now call any URI within your application without changing protocols while still allowing the browser to view that controller using another protocol.

RewriteCond %{REQUEST_URI} !(static|xhr|auth|register|secure)

=site_url('xhr/categories/get_list');?>

I hope this has been helpful!

Phil