Recently I added two redirect rules to my site hosted at https://www.kevlatus.de. Unfortunately, they return code 500 when hitting the page for the first time in a while (at least that’s the pattern I observed).

After waiting for a couple of minutes the redirect works perfectly fine. Can someone explain to me what’s happening here?

If it helps, here is the x-nf-request-id for a failing request: bbcc79f4-bb19-4612-809a-38ced662f214
and the content of my netlify.toml:

    [[headers]]
      for = "/*"
      [headers.values]
        X-Frame-Options = "DENY"
        X-XSS-Protection = "1; mode=block"
        X-Content-Type-Options = "nosniff"
        Content-Security-Policy = "default-src 'self' *.typekit.net *.kevlatus.de 'unsafe-inline'; img-src https://*; media-src https://*;"

    [[redirects]]
      from = "/a/js/script.js"
      to = "https://plausible.io/js/plausible.outbound-links.js"
      status = 200

    [[redirects]]
      from = "/a/api/event"
      to = "https://plausible.io/api/event"
      status = 202

PS: I was following this guide

Duplicating your netlify.toml and using the script tag from your site, I can get this working. But only when I remove the headers you have included.

Hi @coelmay,

Thanks for your reply! Is there a way to disable the headers for the redirect paths only?

No way of disabling on specific paths that I am aware of.

You could try adding specific headers to /a/* paths that are less strict, but I’m not certain that would work (I’ve not tried.) Another option is to change your headers to limit them to, say, /blog/* pages.

Also, checking your Content-Security-Policy using the CSP Evaluator results in errors/warnings (in fact, Netlify Dev spat the dummy when I tried using this in the _headers file.)

thanks @coelmay.
I decided to specify the CSP headers for content pages only and it seems to work fine.

thanks for pointing the header issue out
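A netlify.toml that applies what the thread ends up with, written as an added illustration rather than copied from any of the posts above or from Netlify's documentation: the security headers are attached only to content paths (assumed here to be "/" and "/blog/*", since the thread does not say which paths were used), so the two /a/* proxy rules match no [[headers]] entry and the proxied Plausible responses pass through without the custom headers. The CSP keeps the original allow-list but adds object-src and base-uri, the two directives CSP Evaluator reports as missing; whether 'unsafe-inline' can be dropped depends on the site's inline scripts and styles, so it is left as in the original. X-XSS-Protection is omitted because current browsers no longer act on it.

```toml
# Added example, not the original poster's file. Which paths count as
# "content pages" is an assumption; adjust the "for" patterns to the site.

# Security headers for the site root. Nothing under /a/* is listed, so the
# proxied analytics script and event endpoint receive no custom headers.
[[headers]]
  for = "/"
  [headers.values]
    X-Frame-Options = "DENY"
    X-Content-Type-Options = "nosniff"
    Content-Security-Policy = "default-src 'self' *.typekit.net *.kevlatus.de 'unsafe-inline'; img-src https://*; media-src https://*; object-src 'none'; base-uri 'self'"

# Same headers for the blog pages; add one [[headers]] entry per content
# path prefix, since netlify.toml has no way to reuse a values block.
[[headers]]
  for = "/blog/*"
  [headers.values]
    X-Frame-Options = "DENY"
    X-Content-Type-Options = "nosniff"
    Content-Security-Policy = "default-src 'self' *.typekit.net *.kevlatus.de 'unsafe-inline'; img-src https://*; media-src https://*; object-src 'none'; base-uri 'self'"

# Proxy rules unchanged from the thread: status 200 rewrites the request to
# plausible.io instead of redirecting the browser, so the script and the
# event endpoint appear same-origin and are covered by 'self' in the CSP.
[[redirects]]
  from = "/a/js/script.js"
  to = "https://plausible.io/js/plausible.outbound-links.js"
  status = 200

[[redirects]]
  from = "/a/api/event"
  to = "https://plausible.io/api/event"
  status = 202
```

To confirm the scoping after a deploy, fetch the headers of a content page and of a proxied path, for example with `curl -sI https://www.kevlatus.de/` and `curl -sI https://www.kevlatus.de/a/js/script.js`: the first response should carry the Content-Security-Policy header, the second should not.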