Compatible with HSTS preload

Created on 18 July 2024, 5 months ago

Does setting https/www with this module work with https://hstspreload.org/? I remember running into some issues a while back when I was figuring out how best to do both of these.

I think HSTS requires the https to be set first before the subdomain. Also if I remember correctly, there are some other settings you need to set as well.

Also, at least at the time, I think Google was throwing a warning about too many stepped redirects if a user arrives at:
mysite.com > https://mysite.com > https://www.mysite.com

or similar, which I'm not sure I ever found an "answer" for. Regardless, definitely tracking this, thanks for putting it in a module.

πŸ’¬ Support request
Status

Postponed: needs info

Version

2.1

Component

Documentation

Created by

πŸ‡ΊπŸ‡ΈUnited States w01f

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @w01f
  • Status changed to Postponed: needs info 5 months ago
  • πŸ‡ΈπŸ‡ͺSweden enzipher

    Hey, I am not familiar with that, but after a quick review I don't see any reason there would be compatibility issues with this module. The HSTS header only seems to be required between HTTPS redirects which wouldn't apply to the redirect this module does. Regarding too many redirects, this module only does one redirect based on settings, http => https with or without subdomain.

    That said, please do report any issues you encounter related to this module.

    Thanks,

Production build 0.71.5 2024