Domain: force_ssl AND force www redirect should redirect twice for HSTS

Version 1.58

Bugfix
Finished

When both the "Force SSL" option and "Force Redirect" to "www.domain.com" options are enabled for a given domain, DA previously redirected: http://domain.com -> https://www.domain.com in once step, to save a redirect. Although this is quicker, HSTS does not like this, and checkers would report: "Error: HTTP redirects to www first" "`http://domain.com` (HTTP) should immediately redirect to `https://domain.com` (HTTPS) before adding the www subdomain. Right now, the first redirect is to `https://www.domain.com/`. The extra redirect is required to ensure that any browser which supports HSTS will record the HSTS entry for the top level domain, not just the subdomain." The basic logic change is to check if the domain has: - force ssl - redirect to www or non-www (any www redirect type) - calling for 80 non-ssl if all are true, simply shut off the www or non-www redirect (As if this force redirect feature was off), but leave the force ssl feature on.

Interested to try DirectAdmin? Get a 30-day Free Trial!