Drupal 9 core ships with the following lines in .htaccess as example for (non-) www. redirects:
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/foo will be redirected to http://www.example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} .
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/foo will be redirected to http://example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301](See https://git.drupalcode.org/project/drupal/-/blob/9.4.x/.htaccess)
which is good as it's quite typical to only have one canonical domain and prevent duplicate content problems.
On the other hand it's also quite typical to redirect to https (SSL) for what there's no example in the .htaccess, but documentation on https://www.drupal.org/https-information
On the other hand, the documented SSL redirect snippets on the documentation page, combined with the .htaccess example needs two redirects in some combinations, like for example if the user enters http://example.com (or others, dependent on the order of the rewrite rules).
In my opinion, there are two things that should be discussed to improve:
I'd be happy about the discussion :) Thank you!
Set up a Drupal site with https://www. as primary domain (which is very typical) and configure .htaccess accordingly.
Check this snippet and decide to add it to the .htaccess or documentation page:
# Redirect all users to the site WITH https:// AND www. (in one redirect):
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]If we add something like that, we'd also need the vice-versa version to redirect to non-www!
TBD
None
None
None
TBD
Show commandsStart within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes
Comments
Comment #2
anybodyJust found this issue from Dropsolid in dropsolid_rocketship where they fixed this: #3159964: Improve example for https redirect in .htaccess
Commit: https://git.drupalcode.org/project/dropsolid_rocketship/-/commit/7637808...
Sadly, it wasn't proposed as a fix for core.
Comment #4
anybodyComment #5
anybodyAdded a first idea how this might be implemented. Would be happy to get some feedback and more ideas.
Untested yet!
Comment #7
volker23 commentedProposed solution works like a charme, would love to see this in core!
Comment #8
anybody@Volker23: Please RTBC it then, if you think it's fine! :)
Comment #9
anybodyPerhaps someone could create a further MR against 11.x-dev?
Comment #10
smustgrave commentedTagging for framework manager as changing the htaccess seems like a big deal.
But a 11.x will be needed, not sure feature requests are backported to 10.x still.