Forum

Thread tagged as: Problem, Configuration

Force_ssl(); Can it be used to force the non www address

Latest Version of perch

define('PERCH_SSL', true); in config files and <?php PerchSystem::force_ssl(); ?> at top of page before html and after runtime.php line

just the last part of the config files

define('PERCH_LOGINPATH', '/rjnew_update');
    define('PERCH_PATH', str_replace(DIRECTORY_SEPARATOR.'config', '', __DIR__));
    define('PERCH_CORE', PERCH_PATH.DIRECTORY_SEPARATOR.'core');

    define('PERCH_RESFILEPATH', PERCH_PATH . DIRECTORY_SEPARATOR . 'resources');
    define('PERCH_RESPATH', PERCH_LOGINPATH . '/resources');

    define('PERCH_HTML5', true);

    define('PERCH_DEBUG', false);

    define('PERCH_PROGRESSIVE_JPEG', true);
    define('PERCH_SSL', true);

On page

<?php include('rjnew_update/runtime.php');?>
<?php PerchSystem::force_ssl(); ?>
<!doctype html>

In case this is conflicting in some way with the perch code

rewriteengine on
rewritecond %{HTTPS} off
rewritecond %{HTTP_HOST} ^www.rjwaste.com$ [OR]
RewriteCond %{HTTPS_HOST} ^www.rjwaste.com$ [OR]
rewritecond %{HTTP_HOST} ^rjwaste.com$
rewriterule ^rjwaste\/(.*)$ "https\:\/\/rjwaste\.com\/$1" [R=301,L]

If you type in rjwaste.com in Firefox or Edge it comes back as https://www.rjwaste.com instead of https://rjwaste.com I am also using an htaccess file but nothing is striping out the https://www. even though I do not type that in.

Is there a way to set the Perch force to insist thate the non www secure address is used. Works in Chrome.

Carol Swinehart

Carol Swinehart 0 points

  • 4 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

Using force_ssl() is intended for mixed HTTP/HTTPS sites (not so common now). It's not a good strategy to rely on for making your whole site HTTPS - that should happen in the web server config.

The redirect uses the value of REQUEST_URI from the server environment. If you'd included your diagnostics I would be able to see what that currently is, but you can look for yourself in the Extended section. Search for REQUEST_URI.

It is rjwaste.com so that is correct.

Carol

Drew McLellan said:

Using force_ssl() is intended for mixed HTTP/HTTPS sites (not so common now). It's not a good strategy to rely on for making your whole site HTTPS - that should happen in the web server config.

The redirect uses the value of REQUEST_URI from the server environment. If you'd included your diagnostics I would be able to see what that currently is, but you can look for yourself in the Extended section. Search for REQUEST_URI.