I’m using Cloudflare’s Access feature since a couple days ago, and I noticed that redirects from naked domain to the www version are not being enforced before Access. This forces me to create an Access Policy for both www and non-www domain for each URL I want Access to protect. So a regular WordPress site would need one policy for each of:
Not to mention other resources or subdomains a site may need authentication for.
It’s kind of cumbersome to have to maintain different Access Policies for the same purpose. Especially since I do have a redirect forcing non-www visits to go to the www version.
I suggest you guys work on an alternative that would let website owners to opt in to have a policy apply to both naked domain and its www version.