Random redirect behaviour and HSTS preload -- error: (HTTP) should immediately redirect to (HTTPS)

Hello,

I am trying to submit my site (https://ari-web.xyz/ (https://ari-web.netlify.app)) to the HSTS submission list, and sometimes I get this error:

Error: HTTP redirects to www first `http://ari-web.xyz` (HTTP) should immediately redirect to `https://ari-web.xyz` (HTTPS) before adding the www subdomain. Right now, the first redirect is to `https://www.ari-web.xyz/`. The extra redirect is required to ensure that any browser which supports HSTS will record the HSTS entry for the top level domain, not just the subdomain.

But sometimes it just works… I am confused why or how:

Status: ari-web.xyz is pending submission to the preload list.

By chanse if you try enough times you will get red,
is it an issue with my redirects and stuff? …

I’m just like really confused, some people get green, some red, I get both, just a whole mess, why is that, can I somehow fix it?

HSTS preload url: HSTS Preload List Submission

I only submitted it few days ago, but I only started getting weird errors today

Thanks for any help

Update (1)

Even after playing around in dev tools I can see the random behaviour, sometimes I get a direct redirect to www subdomain over https, sometimes I get redirected to https (top level) then https (www), very confusing, my dns seems fine, is it maybe netlify’s fault? not sure

Update (2)

Forgot to link the source code: GitHub - TruncatedDinosour/website: My website's source code.

Hey @B00bleaTea

You are wishing to use ari-web.xyz as the primary/default domain, not www.ari-web.xyz? Currently www.ari-web.xyz is configured as the primary domain. You can change this behaviour in the Custom Domains section of the UI

1 Like

Hi @coelmay

Nope,

I fully understand this, but the issue is that
it randomly redirects, I always want it to be:

http://ari-web.xyz/https://ari-web.xyz/https://www.ari-web.xyz/

while it is most of the time like that, sometimes this happens:

http://ari-web.xyz/https://www.ari-web.xyz/

And as redirection to https://ari-web.xyz/ is necessary for HSTS I cannot make it stable… how would I make it, well, stable and follow http → https → https (www)

If you can produce this, please provide the x-nf-request-id for this in or that Netlify can investigate. My understanding is this is not correct behaviour.

1 Like

@coelmay Surely, will reply as soon as I can

@coelmay I am having trouble reproducing it in the browser,
I can only really reproduce it in the HSTS Preload List Submission website, which does not show any headers… only red and it’s quite random, though I have reproduced it before, any way to get back the request which I have reproduced the bug or whatever it may be? it should be there as in the making of this thread I did reproduce it

Given the sheer number of requests Netlify would see in a day, it is likely near impossible (very time-consuming at least) to find a specific request based on an error message. That’s why the x-nf-request-id is required for troubleshoot purposes.

Another question is how many times you have tried submitting your site? You say sometimes you get green, sometimes red (with error) suggesting you are doing it multiple times. There is only a need to do it once is there not?

Not sure,

The red happens randomly, I tried checking the status of the site (submitting) at least like 10 times to try to reproduce it, but usually like 1 is enough, it’s completely random and more frequent at times

for now at least, it seems good, tried doing it multiple times with no error, will try to debug and stuff, if I manage to get hold of the ID I will send it to you

sorry forgot to update,
everything was okay after I reported this,
I got into HSTS preload list and all that fine :slight_smile: