I have my app running on Heroku. I added www and root domains to Heroku and got the DNS-targets. Added them to cloudflare as CNAME records. The root one is flattering. I have changed nameservers to our registrar. Now, when I go to our page it redirects http to https correctly but then keeps redirecting to the https address. Why is that? And ends up with too many redirects error. When I curl the site it gives 301 moved permanently and then 403 forbidden.
SSL/TLS type is Flexible because Heroku only works through http. And I have enabled always use https.
You currently have a security issue.
Thank you! Adding a certificate to Heroku helped.