How to redirect from HTTP to HTTPS in angular-CodePudding

I have the following .httaccess for redirect to HTTPS from HTTP page, but it apparently doesn't work as expected:

RewriteEngine On
# If an existing asset or directory is requested go to it as it is
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [L]

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} (www\.)?myuniversity.ro
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# If the requested resource doesn't exist, use index.html
RewriteRule ^ /index.html

The problem is, when I type my actual website like:
http://www.myuniversity.ro, it automatically goes to http://www.myuniversity.ro/home, like how it supposed to do, but after a refresh is going to HTTPS, is there a way to go into HTTPS from the first attempt?
I mean, to go from http://www.myuniversity.ro directly to https://www.myuniversity.ro/home without being necessary a refresh?
This is my route configuration:

const routes: Routes = [
  { path: '',   redirectTo: '/home', pathMatch: 'full' },
  { path: 'home', component: HomeComponent }
];

CodePudding user response：

You should not handle http to https redirects in angular. This makes your server not more secure. Because the api is not using angular, so assets etc.

Could you please check if this works for you

RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} www\.domain\.de [NC]
RewriteRule ^(.*)$ https://www\.domain\.de%{REQUEST_URI} [R=301,L]

And. Why using a redirect in angular to home and not using the '' path to show home component. Just think about it. I guess it is better to have the domain in the search engines instead of this 'home' thing.

CodePudding user response：

# If an existing asset or directory is requested go to it as it is
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [L]

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} (www\.)?myuniversity.ro
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

You have these 2 rules in the wrong order. The HTTP to HTTPS redirect is not being processed. The HTTP to HTTPS redirect should be first. Currently, the first rule prevents further processing when the requested URL maps to a file or directory. Requesting the root (ie. http://www.myuniversity.ro) is a directory. In this case, the HTTP to HTTPS redirect in .htaccess is not even processed.

Aside: Do you need to check the requested hostname in the HTTP to HTTPS redirect? Are you hosting multiple domains and for some you don't want to redirect? Although since the regex is not anchored you are potentially matching too much. eg. foomyuniversity.ro would also match your condition.