NA

Firefox won't redirect URL's automatically to https. Chrome, Chromium-based, and Edge will. Has anyone else experienced this?

The site is inngine.com and I've got virtual hosts set up for port 80 and I used Let's Encrypt for SSL.

I looked through everything and I cannot see anything obvious.

add a comment
1

1 Answer

  • Votes
  • Oldest
  • Latest
BW

There are numerous ways these days you can solve this. The first one I would recommend is making sure that you have set Strict-Transport-Security, you can do this in your .htaccess file like this:

Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS

You can also set your Content-Security-Policy, one of the values is for making sure http requests get upgraded to https. There is much more you can do with content security policies, I would recommend reading up on that, but at the very minimum and to help solve your problem you would want to set something like this in your .htaccess file.

Header always set Content-Security-Policy "upgrade-insecure-requests"

For these headers you could also set these in PHP directly (instead of htaccess):

header('Strict-Transport-Security: max-age=31536000');
header('Content-Security-Policy: upgrade-insecure-requests');

Finally another way is to create a RewriteRule in your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]

You can use one or more of these methods simultaneously. I usually keep the RewriteRule in case older browsers or bots don't understand or support the other directives.

  • 0
    I tried all of the above and still no dice. It's only happening in Firefox. I'm gonna give up for a day or so and try again with a fresh brain later. — natas
  • 0
    I went to your website and it redirected to https for me. Your CSP header is being sent twice for some reason, so I would fix that, but for me it loads https after going to the http version now in Firefox. — Brian Wozeniak
  • 0
    What the fudge? It's not working for me. I've cleared cached, cookies, etc. Still no dice. GAHHHHH!!!! — natas
  • 0
    What version of Firefox are you using? Even if the first ones failed, the rewrite rule should do the work regardless of your browser, you sure you added that one in? You need to make sure to enable mod_rewrite as well. — Brian Wozeniak
  • 0
    I'm using Firefox 93 on MX Linux — natas
  • 1
    So this morning, everything works as expected. I didn't change anything overnight. This is weird, but I'm not complaining. Thanks for the help Biggie Wozz — natas
add a comment
0