Bug (?) with "Always Use HTTPS" and urls not ending in "/"

I have Flexible SSL enabled, with “Always Use HTTPS” enabled. I’m accessing my website using the latest Brave 1.11 (fork of Chromium 83), as well as Chrome 83, via HTTPS.

On my website I have some relative links that do not end in /, such as Contact … note the missing / after /contact.

The site is accessed via HTTPS. When I click that link, the browser requests https://example.com/contact (note httpS:// and no trailing / in /contact). However, CloudFlare does two 301 redirects for no good (*) reason that I can gather, ending up with 3 GET requests and 3 responses in total instead of just 1 GET request and 1 response.

None of those redirects should have been triggered. I was already on https:// and URLs without trailing / are perfectly fine.

(*) I haven’t kept up to date with all the RFCs but even if there is some draconian-strict specification about URLs and redirects to justify this behavior, I believe it should be relaxed in this case given the extra traffic and latency it causes. Am I missing something?

Yes, I’m aware of how Flexible SSL works and that it’s not end-to-end encrypted, but my bug report still stands: CF should still not be triggering two 301 redirects in my opinion given the browser requests an HTTPS GET (if this was expected then all other resources would cause two redirects too, css files, js files, image files, etc).

:wave: @AlexR,

That is your origin, not :logo:

Cloudflare wouldn’t provide an http redirect to a resource and always use HTPS forces the bad redirect your origin sent as configured. Not a :wbug:

— OG

1 Like

But there is no 301 redirect if i request https://example.com/contact/ (note the trailing slash). There are two 301 redirects if i request https://example.com/contact (no trailing slash) … CF responds with 301 to http://.

If my origin responds with 301 to http:// then I’d expect CF to translate that to https:// given enabled the Always Use HTTPS

Again, this is coming from your origin, Cloudflare will (in most cases) return responses to users matching what your origin provided. Your origin is redirecting you to http://, so that is where the browser goes. While there is room for optimization here, returning the content your origin provides to the browser is not a bug.

You could probably use HSTS to cause browsers to fix this for you, but you need to understand what HSTS does before proceeding here.

Ultimately, avoiding Flexible and instead allowing your origin to see/provide https, it can create appropriately rewritten URLs.

1 Like

I undersatnd it may not a bug per-se, as I was saying in my previous posts, but I was advocating for having CF relaxing this in order to avoid the 2 redirects since they can be clearly detected as unnecessary, having enabled Always Use HTTPS (CF knows the origin is dumb and should try to optimize it as per the admin’s CF settting).

p.s. I usually stay away from HSTS

:wave: @AlexR,

It is redirecting the way you have configured it to. If you want to fix your origin using Cloudflare, you can do that using Workers.

— OG

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.