How to avoid double redirect from www subdomain

Navigating to the non-secure www subdomain (http://www.) results in a double redirect due to the first redirect resolving to the secure htts://www and the second finally going to the primary domain.

I’ve tried using the _redirects file to redirect http://www straight the primary domain but this has had no effect.

This double redirect is considered an error by tools such as ahrefs. It would be good have this reduced to a single redirect. Is this possible?

netlify site name: heuristic-lewin-46afbc

Contents of _redirects file:

http://www.runjs.app/* https://runjs.app/:splat 301!

@lukehaas Welcome to the Netlify community.

Could you please supply us with your custom domain name and the contents of your _redirects file?

Updated to include _redirects content.

@lukehaas I’m not seeing the double redirect.

Also, once your site is set up and the SSL is provisioned, this redirection takes place automatically – you don’t need to add an explicit redirect in your _redirects file.

@lukehaas Oh, wait. I see it now:

|================= curl check for http redirect =================
| ------------------------ www.runjs.app ------------------------
HTTP/1.1 301 Moved Permanently
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 0
Content-Type: text/plain
Date: Sun, 21 Feb 2021 14:50:24 GMT
Age: 0
Connection: keep-alive
Server: Netlify
Location: https://www.runjs.app/
X-NF-Request-ID: 1e489f79-679e-4fcd-9f12-cae41a68fe09-3637658

HTTP/2 301 
cache-control: public, max-age=0, must-revalidate
content-length: 0
content-type: text/plain
date: Sun, 21 Feb 2021 14:50:25 GMT
strict-transport-security: max-age=31536000
age: 0
server: Netlify
location: https://runjs.app/
x-nf-request-id: 1e489f79-679e-4fcd-9f12-cae41a68fe09-3637668

HTTP/2 200 
cache-control: public, max-age=0, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 21 Feb 2021 14:50:25 GMT
etag: "6487522f96804ede5a4125af91567f97-ssl"
strict-transport-security: max-age=31536000
age: 0
server: Netlify
x-nf-request-id: 20479e1d-0cda-41ff-acd2-b6f1e31ca129-5529898
|================================================================

I’m wondering if this is avoidable, given the automatic redirect from HTTP to HTTPS with Netlify? You are performing two redirects, so it makes sense that these would show up in the headers.

What does it look like when you remove this explicit redirect entirely?

The explicit redirect has had no impact on this. I added it as an attempt to solve the double redirect but it it made no difference.

@lukehaas I guess my first question would be where are these HTTP requests coming from? The Internet is moved to HTTPS links at an astonishing pace, thanks in large part to Let’s Encrypt, and don’t some browsers even warn you when you try to visit HTTP sites (as opposed to HTTPS)? I would think that when properly set up, most if not all of your inbound traffic is going to be over HTTPS, which eliminates that redirect.

My second question is what is the validity of the ahrefs tool? There seem to be plenty of evaluators available – many of them free – that do not report accurately on the ramifications of various configurations.

As I mentioned before, these seem to be two valid redirects – from HTTP to HTTPS, and from subdomain to apex domain – so no matter how you effectuate it (that is, implicit or explicit redirects), the redirects are going to be there.

Am I missing something?

The redirects themselves are valid, but the chain of redirects is just unnecessary. It looks like Netlify doesn’t expose a way to avoid this which is unfortunate. My initial assumption was that it would be trivial to put in a redirect from http://www to https:// as it would be on a self-managed solution.

Redirects relating to the protocol/subdomain of a primary custom domain (i.e. www-to-apex or vice versa and http-to-https) happen automagically and can’t be manipulated by redirect rules, unfortunately!

I think you can work around this by adding a dummy primary custom domain and then assign the true primary custom domain as a domain alias.

For example:
Primary custom domain: dummy.yoursite.com
Domain alias: www.yoursite.com
Domain alias: yoursite.com

And then, you’ll want a suite of redirects to cover your protocols, www-to-apex (or vice versa) and correct domain name redirects without the double-hop!

1 Like