Contrib.social

Redirect to www. and SSL in one step in .htaccess

Open on Drupal.org β†’
Created on 4 January 2022, almost 3 years ago
Updated 7 September 2023, about 1 year ago

Problem/Motivation

Drupal 9 core ships with the following lines in .htaccess as example for (non-) www. redirects:

# If your site can be accessed both with and without the 'www.' prefix, you
  # can use one of the following settings to redirect users to your preferred
  # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
  #
  # To redirect all users to access the site WITH the 'www.' prefix,
  # (http://example.com/foo will be redirected to http://www.example.com/foo)
  # uncomment the following:
  # RewriteCond %{HTTP_HOST} .
  # RewriteCond %{HTTP_HOST} !^www\. [NC]
  # RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  #
  # To redirect all users to access the site WITHOUT the 'www.' prefix,
  # (http://www.example.com/foo will be redirected to http://example.com/foo)
  # uncomment the following:
  # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  # RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]

(See https://git.drupalcode.org/project/drupal/-/blob/9.4.x/.htaccess)

which is good as it's quite typical to only have one canonical domain and prevent duplicate content problems.

On the other hand it's also quite typical to redirect to https (SSL) for what there's no example in the .htaccess, but documentation on https://www.drupal.org/https-information β†’

On the other hand, the documented SSL redirect snippets on the documentation page, combined with the .htaccess example needs two redirects in some combinations, like for example if the user enters http://example.com (or others, dependent on the order of the rewrite rules).

In my opinion, there are two things that should be discussed to improve:

  1. Why are examples for (non) www. redirects in the .htaccess but not for SSL redirects
  2. For the most typical case: Redirecting to SSL + www. shouldn't we provide an example snippet (in .htaccess or docs) which only needs ONE 301 redirect (example below - to be checked carefully)

I'd be happy about the discussion :) Thank you!

Steps to reproduce

Set up a Drupal site with https://www. as primary domain (which is very typical) and configure .htaccess accordingly.

Proposed resolution

Check this snippet and decide to add it to the .htaccess or documentation page β†’ :

# Redirect all users to the site WITH https:// AND www. (in one redirect):
  RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
  RewriteCond %{HTTPS} off [OR]
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
  RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]

If we add something like that, we'd also need the vice-versa version to redirect to non-www!

Remaining tasks

TBD

User interface changes

None

API changes

None

Data model changes

None

Release notes snippet

TBD

✨ Feature request
Status

Needs work

Version

11.0 πŸ”₯

Component
OtherΒ  β†’

Last updated about 11 hours ago

Created by

πŸ‡©πŸ‡ͺGermany Anybody Porta Westfalica

Live updates comments and jobs are added and updated live.
  • Needs framework manager review

    It is used to alert the framework manager core committer(s) that an issue significantly impacts (or has the potential to impact) multiple subsystems or represents a significant change or addition in architecture or public APIs, and their signoff is needed (see the governance policy draft for more information). If an issue significantly impacts only one subsystem, use Needs subsystem maintainer review instead, and make sure the issue component is set to the correct subsystem.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024