Enabling forced WWW redirection drops POST requests


#1

I’ve been setting up PHP 7.3 on my shared hosted account here, and while doing that decided to enable CloudFlare:

2

which also required forced redirection to WWW on all URLs:

1

I don’t mind that for as long as it doesn’t break my website. Which unfortunately it did! This redirection seems to drop all POST requests.

Here’s an example. In the following PHP script, if I load it as: https://www.mysite.com/test.php it will result in all POST requests being dropped when I click SEND button in it. If I change method from POST to GET it works fine. Or, if I add www to the action tag in html as in action="https://www.mysite.com/test.php" it also works.

Any idea how to fix this redirection issue?

PS. I contacted tech support and they weren’t even able to understand what I’m talking about and gave me a generic reply that CloudFlare requires WWW redirection.

<?
$name = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';

if(!$name)
{
	echo('<html><body>'.
	'<form method="post" action="https://mysite.com/test.php">'.
	'<input type="text" name="name" value="My name">'.
	'<input type="submit" value="SEND">'.
	'</form>'.
	'</body></html>');
}
else
{
	echo('name='.htmlentities($name).'<br>');
}
?>

#2

Have you asked CloudFlare?


#3

I don’t know, is it a CloudFlare or a DreamHost issue?


#4

I don’t use CloudFlare so I can’t speak from experience, but logic points to the issue being at CloudFlare:
• You have WWW turned on in DreamHost panel.
• DH support says CloudFlare requires WWW redirection.

Since the Post actions happen in real time, after the files have been mirrored at CloudFlare, seems they are not adding the needed WWW.

Might help to lurk over at the CloudFlare discussion forums for how others dealt with it.

You could also try adding a WWW redirect to your Htaccess file (as DH support suggested.)


#5
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^/(.*)$ https://www.example.com/$1 [R=301,L] 

#6

Thanks. My first thinking was to try to do it in the .htaccess file too. But it looked like the redirect was happening even before it got to my .htaccess file, presumably at the CloudFlare servers. (Which is another warning that people should be aware of who want to enable it – that their .htaccess file will be bypassed.)

So eventually I had to turn off CloudFlare, which took about 48 hours to propagate. And even still I see weird effects of it in some browsers. All in all, be very careful about enabling that CloudFlare. You may seriously mess up your website!

PS. It would be nice if DH tech support people knew a bit more on the subject. I had very negative experience dealing with them this time. The first guy simply recited what it already said on their website (about CloudFlare) w/o answering my question. And the second guy simply went to my CP and flipped the switch to “Remove WWW” redirect, which I did not ask him to do. Anyway, just usual woes dealing with tech support. I should’ve asked at a public forum first, which is always a much better idea.


#7

I doubt CloudFlare “bypasses” any site’s Htaccess. That would break a great many sites. More likely the DH setting to add WWW does not happen at CF because it is their servers fulfilling the browser request and not DH server where the setting is executed.


#8

Well, I don’t know what was bypassing my .htaccess file (CloudFlare or DH) I can just state the fact. And also that the DH tech support was not capable of answering that question.


#9

Neither CF nor DH was bypassing your htaccess.

Again… the WWW is a setting at DH. If CF is serving your files, that setting needs to be added there also. One way to do it is to use the code I exemplified above added to your htaccess file.


#10

I’m also facing the same issue on my blog alltheragefaces.com


#11

@shirazkahn Disable CloudFlare. In despite of all the high-falutin words they give you, it never worked for me. I obviously tried to adjust it with .htaccess and it was simply ignored. Maybe DreamHost overrides it somewhere in their settings (that shared hosting accounts don’t have access to.) IDK. And nobody cared to explain. So unless you’re signing up for a new account, or pay them big $$ – nobody will. So just disable it, wait for 2 days and your site should work.


#12

After Enabling cludflare facing multiple redirections on my blog page -https://captionsclick.com/aesthetic-captions-for-instagram/.
Some Time http and some time https redirection problem


#13

I have old apps (downloaded by my customers) that do not use www in URLs to connect to my website. So my APIs break down because they don’t receive any data in the POST request. overviews here Trypcexpert (What you see in my post above is just an example, or a proof-of-concept of the issue.


#14

They will use www if you have a redirect (code above.) When you add a WWW Redirect, all requests are forced to the WWW version of your webpages.


#15

I’m late to this topic, but I wanted to mention that most browser engines won’t follow a POST through a 301/302 redirect. There are method-preserving redirect codes (308/307) that might work for you. To use them on DH, you’d need to setup an .htaccess rule to 308-redirect no-www to www (at least for POST end-points).

The MDN page on Redirects has more info on 308/307 and why they were added (table footnotes):

If your old apps don’t follow either 301 or 308 redirects, then another option would be to use custom rewrite rules to redirect all requests, except those to your API. This would allow the old apps to use non-www URLs, while everyone else is redirected to www.


#16

While admittedly I am not a WP fan, I have worked on a few over the years for clients and have never had any redirect issues, however I’m not familiar with DH WP config, which may be the issue.