1

I own a .dev domain, which is included on the HSTS preload list. The domain is registered with Namecheap.

Now, when trying to set up redirects (301,302) from my www. to non-www, this is apparently causing problems. Services like http://redirectcheck.com/ show that the redirects are working. Also, using wget or curl, everything is resolved fine.

Unfortunately, when I try to access the URLs that should be redirected with Chrome or Firefox, nothing happens.

I am pretty sure this has to do with how modern browsers handle HSTS. As I understand, they will not redirect from a .dev domain if the other site is not secure. However, the domain I redirect to is my own domain, therefore also a HSTS enabled .dev domain. Shouldn't this work?

HBruijn
  • 72,524
  • 21
  • 127
  • 192
Thomas Kainrad
  • 111
  • 3
  • In general: including your domain name may help our community debug your actual problem - Permanent redirects, with a http status code 301, are cached by modern browsers, and you may need to to clear your cache or test from new anonymous browser sessions after each change in your server config. – HBruijn May 06 '19 at 07:59
  • Thank you for the suggestion. I am afraid I can not disclose the domain at this point. The bug seems not to be related to caching, tried with different machines and browsers, cleared caches at several points etc. – Thomas Kainrad May 06 '19 at 08:42
  • What is the output of your browser's developer tools Network tab? – Tero Kilkanen May 09 '19 at 00:15
  • Sorry, I can no longer reproduce this easily - see my answer. Thank you very much for your concern though. I am sure the problem could have been solved also at the root if I a gave more detailed descriptions. However, using CloudFlare appears to bring only benefits at this point and renders this problem irrelevant. – Thomas Kainrad May 09 '19 at 07:47

1 Answers1

0

I believe the problem had to with Namecheap and the fact that I am not using one of their certificates. Instead, the site is hosted via GitLab Pages and a Let's Encrypt certificate.

Any way, I "solved" the problem by starting to use CloudFlare and their Page Rules. The page also got faster in the process, and I am content with the free version.

Thomas Kainrad
  • 111
  • 3