how to trash a cached http 302 response - .htaccess

I had an old website that permanently redirected (HTTP 302) all traffic from http://example.com/ to http://exmpale.com/drupal.
Now I have re-implemented the entire website on WordPress, but the old redirection is still cached in my users' browsers and is breaking my returning users' experience (for some assets only).
I was thinking of adding a route at /drupal to my new website that will force the browser to trash the cache. Is there a way to do so? Maybe some HTTP headers/JavaScript to trash the cache?
What do you think?
(BTW, I'm on a hosted service, so my options are limited to PHP / .htaccess / JavaScript, and I can't change HTTP server configurations.)

You said:
permanently redirected (HTTP 302)
But it's either:
temporary redirect (HTTP 302)
permanent redirect (HTTP 301)
302 responses are usually not cached in browsers. If you were using a 301 response code, this could be stored until the user closes the browser. If you have problems with your users, it certainly means you were using 301, but if that is not the case, it means something between you and the final user is storing a cache of the redirection (like a reverse proxy cache in front of your server?).
If you were using a 301, you might try to add a temporary redirect on /drupal to /. But this may create an infinite redirection loop in the browsers. You can maybe prevent it by adding a fake argument on the redirection, like redirecting to /?redir=fix.
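
The workaround described in the answer above, written out as an `.htaccess` fragment. This is an added example, not part of the original answer. It assumes mod_rewrite and mod_headers are enabled on the host, that the lines are placed above the WordPress rewrite block, and that the old redirect kept the request path; `REDIR_FIX` is a variable name chosen here.

```apache
# Added example. Place ABOVE the "# BEGIN WordPress" block so it runs first.
<IfModule mod_rewrite.c>
RewriteEngine On

# Returning visitors arrive on /drupal or /drupal/<path> because their browser
# replays the old cached redirect without asking the server first.
# Send them to the matching new URL with a temporary (302) redirect.
# The added ?redir=fix makes the target a different URL from the one whose
# redirect is cached, so the browser must fetch it and cannot loop back.
RewriteRule ^drupal(?:/(.*))?$ /$1?redir=fix [R=302,L,E=REDIR_FIX:1]
</IfModule>

<IfModule mod_headers.c>
# Mark only the corrective redirect as uncacheable, so it can be removed later
# without leaving a second stale redirect in browsers or intermediate caches.
# "always" is required for the header to be added to a redirect response.
Header always set Cache-Control "no-store" env=REDIR_FIX
</IfModule>
```

To check it, request `/drupal` with `curl -I` and confirm the response is a 302 with `Location: /?redir=fix` and `Cache-Control: no-store`.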

Related

Can a URL be rewritten to a subdomain without changing the URL in address bar?

Background
1) I have a php upload script located at http://www.example.com/up/upload.php
2) I have a subdomain cdn1.example.com that is a mirror of www.example.com
3) I want all requests made to http://www.example.com/up/upload.php to redirect to http://cdn1.example.com/up/upload.php
The Problem
My upload.php script relies on cookies to work properly
I can successfully forward all requests made to www. to cdn1. but the URL in the address bar changes. As a result the cookies are lost because it's a different domain. Setting my cookies to the root example.com domain is not an option unfortunately.
The Question
Is it possible in my scenario to have upload.php be served from my cdn1. subdomain but have the user's browser think it's still coming from www. so that all the cookies are still used? If this is possible, is there an example I could try plugging into my server?

If I set up HSTS on a domain that already implements a 301 redirect, which will take precedence?

OK, so the scenario is that we have an HTTP domain which currently uses a 301 redirect. We want to change this domain to no longer 301 redirect, and instead to be the main domain for said website.
The problem here is that 301 redirects are cached forever, so this isn't really feasible.
We do however want to change the domain to run on https only, and the https domain doesn't have any redirect set whatsoever.
So I'm wondering if I implement HSTS on a domain that already implements a 301 redirect, will the user be forwarded to the HTTPS version of the page (which currently has no redirect in place). This is presuming that they've already got the 301 redirect cached in their browser.
Unfortunately I can't seem to find any information about whether HSTS or the cached 301 redirect would take precedence.
HSTS should take precedence, as that happens in the browser before any message is sent (or any cached redirect is used in place of a request being sent).
However, this is easily enough tested, so I would suggest you confirm it yourself.
And yes, I really wish browsers would honour cache expiry times of 301s and/or expire them periodically. Pretty annoying.

If mod_proxy is unavailable, what is the effect of not using the P flag in an htaccess rewrite?

For a mobile subdomain (m.domain) I'm simply trying to pull images from the common main domain image folder (www.domain.com/images).
After a bit of tinkering, I've apparently gotten the htaccess rewrite code to work successfully, but I found out I was unable to use the P flag on rewrite, and that I don't have mod_proxy enabled due to shared hosting.
Simple code in my m.domain.com htaccess file:
RewriteRule ^(images/.*) http://www.domain.com/$1 [L]
What benefit am I not receiving by not using the P flag? What's the difference?
When you proxy a request, the server itself does the external request and passes through the data it receives. If the client would request http://m.example.com/asdf, and the server would proxy to http://www.example.com/asdf, the server would make a proxy-request to that url, then return that data for http://m.example.com/asdf to the client. For the outside world there is duplicate content on http://m.example.com/asdf and http://www.example.com/asdf, and any client requesting both urls will cache things twice. This is not ideal.
With your current approach you make an implicit temporary redirect. When the client requests http://m.example.com/asdf, the server sends back a redirect-response, which tells the client to try again on http://www.example.com/asdf. The client tries again on that url, and receives the data from the server. For the outside world it is clear that the content is in one place, and when caching the data it will only cache it for http://www.example.com/asdf. If you make the redirect permanent, it will skip the redirect in some cases and directly request http://www.example.com/asdf, reducing the load on your server.
Unless you have a good reason to proxy a request (e.g. because the server with the data is only available locally), you should not use a proxy request. If http://m.example.com/ and http://www.example.com are hosted on the same server, and you are unconcerned about hosting duplicate content, then you should use an internal rewrite. If you are concerned about duplicate content, you use an external redirect, using the [R] flag.

Do browsers follow 301 redirects from HTTP to HTTPS, on a secure site?

If I load a page https://example.org over HTTPS that contains references to HTTP resources like
<script src="http://example.org/script.js"></script>
I understand that the browser refuses to load the script unless it's src="https://example.org/script.js".
My question is, if I implement a 301 redirect from http://example.org/script.js to https://example.org/script.js, will the browser follow the redirect and load the script via HTTPS, or will it still refuse to load it?
I believe browsers that block mixed content will still block a script from HTTP->HTTPS redirect.
They certainly should do, because it's not secure. An attacker could have intercepted the HTTP request and changed it to redirect to an HTTPS address that is not the one the page referencing the script intended.

Force browsers to forget cached redirects?

I inherited a domain that previously had a 301 redirect from the root ("/") to "/index.shtml"
I've removed the redirect and a different site on the domain, but people who visited the site in the past will have the redirect behavior cached in their browsers... for a terribly long time, unless they manually clear their caches.
Anyone trying to go to example.com in these browsers will be sent to example.com/index.shtml before they even make any HTTP requests. Right now this is a huge problem because there is no index.shtml, but is there something I can do with headers to tell browsers to "forget about that redirect you just did!"?
The short answer: There is no way to tell the users' browsers to "forget" the R 301 redirect. 301 means permanent; it can only be undone by an action of the user or when the cache expires.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.2
Similar Q and A on Stack Overflow:
Apache - how to disable browser caching while debugging htaccess,
Cannot remove 301 redirect
Try to avoid 301 redirects and use 302 (temporary) instead. Here is an article on how to set no cache for 301 redirects (didn't try it):
https://github.com/markkolich/blog/blob/master/content/entries/set-cache-control-and-expires-headers-on-a-redirect-with-mod-rewrite.md
What you could do in your scenario: You could add a header redirect to the file index.shtml, which sends the user to the original file, where he should usually go.
This can be done by a clear data-only cache.
It can remove all .htaccess redirect changes from the browser.
