Crypto > Always Use HTTPS, 301 vs 307

ssl
autohttps

#1

Can you allow us to specify the http status code of the redirect?

The current use case is form submissions to the http version of a organization-wide form handler. Old sites are submitting to http. Over 600 of them.
When your redirect fires it drops the form data. My limited research tells me that a 307 retains form data.

I’m :exploding_head: because my client is :face_with_symbols_over_mouth: because all his sub clients are :rage:.

In the meantime I’ll disable Always Use HTTPS. I suppose this change will have a slight performance impact since the request has to hit the server before redirecting. More work for your systems, too. Imagine if the forms contained large attachments…


#2

I just confirmed 307 indeed keeps form data intact. But it’s a ‘temporary’ redirect.
Perhaps the redirect at cloudflare can be smart(er) and automatically know to use 301 for GET and 307 for POST.


#3

Did you play around with page rules?
It’s not possible to set 307 there but it might be a workaround to redirect a a specific page or sub folder to http on the edges. I guess this wouldn’t resolve the load issue completely but it may help to keep the response times as low as possible.


#4

The issue is loss of form data because of Always Use HTTPS uses 301 to redirect.
I don’t want to set up page rules for multiple sites. And I think this probably effects more people.


#5

Understood. Just an idea since your customer is :face_with_symbols_over_mouth: and their customers are :rage:

I was just thinking about customer satisfaction :wink:


#6

Can Workers do an HTTPS redirect and set the status code?


#7

Yep it can! But my question for @jules why not directly set the form POST URL to https:? There may be a technical reason, but still…


#8

We have about 600 legacy websites posting to the http version of a form handler on a single domain. I found it easier to adjust the redirect status code on the form handler from 301 to 307, at least as an immediate fix. The proper thing to do, over time, is to change the action url of those 600 legacy website’s forms.

I always figure that if I come across this issue, then it’s more than likely others do/will as well - even if they aren’t aware of it.

Going forward in all websites I build, .htaccess and web.config will be smart to 301 the GETs and 307 the POSTs. It would be nice if CF did the same.