-
Notifications
You must be signed in to change notification settings - Fork 37
www.srihash.org doesn't redirect to HTTPS when srihash.org (no www) does #122
Comments
I have no idea either. There's a lot of magic I don't understand in this Heroku setup. |
Can't we get rid of the www redirect altogether? |
What do you mean by that?
We could (in theory, still requires digging into the Heroku config) stop serving anything on |
It seems you want the opposite from what I had in mind, i.e. serve from www. So can't you just get rid of all redirects in Heroku and we'll handle them via HAPI? |
Not sure, I filed a bug for this though. |
On a side note, we set all the headers for all file types which is redundant to say the least. I'll try to make a PR tomorrow for that. |
The redirect chain currently is this:
Now, as you can see, the first redirect isn't a 301 one. BTW this issue seems "fixed" but personally I'd still like to have a 301 redirect :) |
Ideally, we'd change the http://srihash.org to https://srihash.org redirect from a 307 to a 301, but more importantly, http://www.srihash.org doesn't redirect to https://www.srihash.org at all. |
I believe it needs a certificate too that is why it doesn't redirect. Should be easy to set up though. |
@fmarier: can you add an environment variable in AWS so that we do the redirect only for production? We could then use https://www.npmjs.com/package/hapi-require-https Or Heroku, not sure what you are using. |
With the way we resolved #243, we only need to ensure we redirect from HTTP to HTTPS on the www.srihash.org domain. This needs to happen in hapi. Let's discuss in #184 instead of here. |
Ugh. Reminder (mostly for myself):
Heroku exposes protocol information to the dyno through a custom HTTP header.
|
this should finally work |
STR
Not sure how redirection is currently configured. Seems like this isn't in the repo.
The text was updated successfully, but these errors were encountered: