Can anyone please help me with requests to my site being caught in an infinite redirect loop? As far as I can tell, my SSL/TLS encryption mode is off. Under my DNS settings, I am redirecting to one of Heroku’s servers, but I don’t (think I) have SSL set up there. When I look at my requests in Google Chrome, my first request looks like:
and then it’s immediately followed by a request that looks the same only from https to http. (I can’t include a screenshot because I’m only allowed to put one image in a post.) I’m assuming that these redirects are coming via Cloudflare because the server field in both requests is “cloudflare”. Does anyone know how to get out of this infinite loop? Thank you very much.
If a request goes through CF, it will say CF regardless. Chances are the redirect is your server itself redirecting HTTPS to HTTP; this might be done by your hosting provider if you don’t run on a dedicated server and don’t pay them for SSL, or if your software is hard-coded for http and redirects HTTPS back.
I’m not paying Heroku for SSL, so I guess that makes sense. But then how do I get Cloudflare to stop redirecting to https in that case? I have it turned off in the SSL/TLS control panel?
You don’t need a paid plan on Heroku. It’s been a long time since I used Heroku, but the documentation says you can use a *.herokuapp.com cert for nothing. So long as Heroku allows you to make requests for your custom hostname even on an invalid Certificate name, this should be fine. Not ideal, but it will work if you are unwilling to use a paid plan on Heroku that generates a real certificate automatically.
It is worth setting SSL mode to Full, and seeing if that resolves the issue.
