forcing site to https and working both for www or non www
I have updated a website that has been around for a while. I checked to see what the url looks like if I search for it on Google and it is www as opposed to not having www. I wanted to keep that but also force a redirect to https as the site was http. I have added a SSL certificate so it should be https.
I have done this in the root .htaccess file, bearing in mind this is a php MVC structured project (just mentioning in case that matters at all).
So, this works fine if I click on the link from the google search results and if I type www.mysite.com directly into the browser url.
But, if I just type in mysite.com then it loads the site but doesn't force the www and some things on the site do not work anymore.
Console gives me a bunch of these errors:
So, firstly, what is the best way to fix this and secondly, am I not meant to choose a preferred version and somehow state that via a canonical tag or something along those lines. I am concerned google will think there is duplicate content if both www and non www sites work or is that not an issue?
Any advice would be appreciated.
I have done this in the root .htaccess file, bearing in mind this is a php MVC structured project (just mentioning in case that matters at all).
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^$ public/ [L]
RewriteRule (.*) public/$1 [L]
</IfModule>So, this works fine if I click on the link from the google search results and if I type www.mysite.com directly into the browser url.
But, if I just type in mysite.com then it loads the site but doesn't force the www and some things on the site do not work anymore.
Console gives me a bunch of these errors:
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
So, firstly, what is the best way to fix this and secondly, am I not meant to choose a preferred version and somehow state that via a canonical tag or something along those lines. I am concerned google will think there is duplicate content if both www and non www sites work or is that not an issue?
Any advice would be appreciated.
ASKER
Thanks, lenamtl. That is pretty much the code I am already using. Even if I fix the allow origin issue, I am still concerned about being penalised for potential duplicate content if the site works on both www and non www. That's also part of my question.
My understanding is that if you redirect with a 301, you will not be penalised for duplicate content.
I read somewhere (sorry, I cannot remember where) that using the rewrite engine is not the most optimal way of handing a redirect from http to https and that modifying your vhost configuration is more efficient (assuming that you have access). With that in mind, doing something like this is recommended:
This kind of permanent redirect will still emit a 301 permanently moved http response. The most relevant line is:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mysite.example.com
DocumentRoot /usr/local/apache2/htdocs
Redirect permanent / https://mysite.example.com/
</VirtualHost>…This kind of permanent redirect will still emit a 301 permanently moved http response. The most relevant line is:
Redirect permanent / https://mysite.example.com/ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks guys, the vhost examples are pretty foreign to me. How do I even start?
I am on a shared hosting package (php)
I updated my .htaccess file which seems to force https://www. but I would like to do the vhost method if I am able to.
I am on a shared hosting package (php)
I updated my .htaccess file which seems to force https://www. but I would like to do the vhost method if I am able to.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} (?!^www\.)^(.+)$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
RewriteRule ^$ public/ [L]
RewriteRule (.*) public/$1 [L]
</IfModule>
If you are on a shared hosting package, I doubt you would have access to the server configuration so rewrite rules will be the way to go and David's information is really very useful. If you wanted to globally redirect all non https traffic, you could possibly ask your hosting provider to make a change for you that is compliant with Google's indexing.
ASKER
Yes, I wanted to try David's way because after having a quick Google now, most resources say that using the .htaccess file to do what I am trying to should be a last resort. But I guess if I am on shared hosting I don't have much of a choice.
Yes, you are a little limited when on shared hosting unless they are prepared to make changes to your configuration, which generally isn't the case.
You can usually get away with doing this in a .htaccess file + this can be tricky.
For example, WordPress (and other software) rewrites .htaccess constantly + sometimes .htacess files can end up scrambled.
My personal preference is to place core Apache directives (required for minimal site function to work) in the Apache config, so these directives are protected against any file changes.
If you do use .htaccess for this, be sure to keep notes somewhere of all your rules, so you can recreate the .htaccess file if required.
For example, WordPress (and other software) rewrites .htaccess constantly + sometimes .htacess files can end up scrambled.
My personal preference is to place core Apache directives (required for minimal site function to work) in the Apache config, so these directives are protected against any file changes.
If you do use .htaccess for this, be sure to keep notes somewhere of all your rules, so you can recreate the .htaccess file if required.
ASKER
Thanks guys, since EE took away points allocation using actual numbers, all I have is these sliders and I don't actually know how they allocate points. So, apologies if the points come out weird. I have asked them to change it back but no go....
Open in new window
About the access-control-allow-origi
https://crunchify.com/how-to-fix-access-control-allow-origin-issue-for-your-https-enabled-wordpress-site-and-maxcdn/
You have to make sure that all internal url is using https (all external link too if possible)