Is there a way to do a POST on the same URL using https ?
Heres my problem.
I do a GET on an http URL. http://abc.com/file.html?parameter=foo
The contents is a form and I want to do a POST of the data to the same URL but want
the browser to use https.
I know I can do that by setting the form action
<form method=post action="https://abc.com/file.html?parameter=foo">
However, the URL/parameter may be different each time so I am looking for a generic
solution to this. Something like
<form method=post action="https"> (this doesnt work)
which takes the page URL and does a post but uses http instead of https.

Is there a way to achieve this using standard html without using any client-side scripting ?

In order to use HTTPS you have to have an SSL certificate on your site. You can't just use the HTTPS protocol willy-nilly.

Assuming that I have an SSL certificate on the server, I have a server which is up and running and I have a client which has network connectivity to the server ....
Is it possible to do this using standard html ?

Let me add some more information.

If the page URL is http://abc.com/file.html?parameter=foo,
and the html form looks like
<form name=abc method=post action="">
and the user presses the "submit" button, the POST happens to the same URL and uses http.
I want the POST to use the same URL but use https instead.

Currently the form tag in the html file looks like
<form name=abc method=post action="https://abc.com/file.html?parameter=foo">

However, I dont want to have the URL as static but want to just specify the action protocol as https and use the same URL as that of the page.

You are mixing the action and the datas.
You can post it to any url, including https, but let the datas be part of the form.

Remember:
in http://www.something.com/index.php?query=abcd#anchor
you have:

http: The protocol.
www: The sub domain-----\
something: The domain -------------> Those 3 forming the hostname
com: the TLD -------------/
index.php: The pathname
?query=abcd: The search
#anchor: The hash

Look here, it's related to javascript, but applies to the browser too:
http://docs.sun.com/source/816-6408-10/location.htm

A form "action" property is composed of the 5 first elements.
The search, or query part is composed of every fields in your form.
Note that this composition is relative to a GET form method, not a post.

A GET form submission will pass all the form datas in the url, like ?field1=val1&field2=val2 ...
A POST submission will encapsulate the field=value datas in the body of the request, thus making it unreadable without specific tools (Look for fiddler for ie/windows, and "livehttpheaders" for Firefox if you want to inspect them)

So, in your case, what you need is:

Code:

<form name="frmWathever" id="frmWathever" method="get" action="https://www.wathever.com/form.html">
<input type="text" id="inpTxt1" name="inpTxt1" value="This is a text field"/>
<select name="inpSel1" id="inpSel1">
<option value="first">First option</option>
<option value="last" selected="true">last option</option>
</select>
<input type="submit" name="inpSub" id="inpSub" value="Send the datas"/>
</form>

This will create a form with a text field and a select with 2 values.
When a user will hit the "Send the datas" button, they will be posted to the action=url.
And the it's the browser, depending of the method= porperty that wil either compose the right URL to send the datas, or encapsulate them in the body.

Sorry if I did get a bit too much in the details, but I think you will understand better exactly what is a form with all the infos.

I understand that data is part of the body in the post operation.
Let me explain again.
My server allows users to submit data only over SSL.
Earlier, in order to get the page, the users entered the
https URL of the page : https://abc.com/file.html
User enters the data and clicks submit.
(lets forget about the parameter=foo for now)
In the form of the html page, I had
<form name=whatever method=post action="">
Since the action is empty, the POST of the data is done on the same url as the page URL which is https://abc.com/file.html
So data is sent over SSL.
Now I want to serve the page in clear and only make the POST operation happen over SSL. To get the page, Users enter the URL : http://abc.com/file.html
Users enter data and Submit.
I COULD have this in the form
<form name=whatever method=post action="https://abc.com/file.html">
SSL connection will be established when the user hits Submit and POST will happen
over SSL.
My problem is that the URL of the page can change, so I dont want to make it
explicit in the action attribute else I will have to change it continuously. However, I still want the users to be able to GET the page using HTTP and the POST should happen over HTTPS.
So I want to keep the form tag as below, in the html file but want the POST to happen over SSL.
<form name=whatever method=post action="">

Is there some kind of html header that can specify the default protocol to be
used for the method (i.e use https and not http). I know the action can be dynamically set using javascript, but I want to find out first if there is a purely html solution or not.

Thanks

I would be shocked enough to eat my hat if there were a pure html solution to this. Meaning whatever seems easiest for you, is probably worthwhile.

You could always post the data to the same URL, and then have it coded to examine the data and forward it on to the proper page; that would save you some trouble on this one. But require server-side processing. Or you could use client-script to manipulate the form before the user has a chance to submit it. I don't see other options.

I'd say that client side script is the way to go.
Make you forms post all on the same url, and add an hidden field that will be filed via javascript.

To be sure that the user have javascript enabled, make the submit process enabled via javascript too.
Today, with all those ajax sites, javascript is almost always on, and you could add a notice in your page telling the user that he needs javascript turned on to use the form.

Code:

<script type="text/javascript">
function sendDatas(){
 //This line tells javascript to fill a (hidden) field with the exact url that is displayed in the user brower
 document.getElementById('inpHiddenSource').value=top.location;
 //And this one does the real form submit
 document.getElementById('frmTest').submit();
}
</script>
<form name="frmTest" id="frmTest" method="post" action="https://www.host.com/file.htm">
<input type="hidden" name="inpHiddenSource" id="inpHiddenSource" value="not_initialized"/>
<input type="text" name="inpTxt1" id="inpTxt1" value="test value in field 1" />
<input type="button" value="Send datas" onclick="javascript:sendDatas();"/>
</form>

Notice that the form have no "submit" button, but only a regular button.
We use a javascript event to call the function sendDatas() that fill the hidden field with the current browser location value, and submit the form.

Note that the javscript rely on the id="xx" property of the fields, and of the form. It don't rely on the name="xx" property.
The name is what is sent in the form submit processus, elements id is what is used by the javascript to access the elements without giving the full path to reach them.
And for simplicity's (and compliance) sake, keep the names and the id's the same.