Streaming live at 10am (PST)

Trailing slash-removing redirect sends user to insecure page

Assume I have a page at:

https://swayapp.webflow.io/locals

If a visitor attempts to access it with a trailing slash:

https://swayapp.webflow.io/locals/

Webflow will strip the trailing slash, and then redirect the user to an insecure version of the page.

http://swayapp.webflow.io/locals

Besides fixing it with javascript, how can I get Webflow to either allow the trailing slash, or redirect the user to the secure version of the page?

This problem appears to affect every site hosted on Webflow, with or without a custom domain (as far as I can tell).

Welcome to the community @webeye!

Not sure if you ended up doing something to fix this or if the problem corrected itself on its own, however when I visit the link with the trailing slash (https://swayapp.webflow.io/locals/) I am redirected to a secure version of the URL without the slash (https://swayapp.webflow.io/locals) :+1:

image

Hmm, no idea how that’s working for you. I’ve tried Firefox, Chrome, and Safari, and all do the exact same thing, on multiple computers. They all redirect to an insecure page.

Interesting, I just checked my phone (Android running Chrome) and it takes me to an unsecure page. Can’t say for sure why that’s happening, but it could be a bug.

Do you have links leading to the page with the slash? Since this is on the staging domain I’d say your situation could be different on the live URL. Either way, probably worth a note to the Webflow support team through the Designer (question mark icon > help & feedback > send us a help or feedback request) so they’re aware of the issue :+1:

I tried contacting them a couple of days ago via the question mark icon. No response. So I figured I’d try my luck here.

Tested it out, and it’s definitely still redirecting to an insecure page.

$ curl -i https://swayapp.webflow.io/about/

HTTP/1.1 301 Moved Permanently
Location: http://swayapp.webflow.io/about
Connection: keep-alive
Content-Length: 166
Content-Type: text/html
Server: openresty
Accept-Ranges: bytes
Age: 0
Via: 1.1 varnish
Date: Sat, 19 Sep 2020 22:39:34 GMT
X-Served-By: cache-dca17782-DCA, cache-pao17446-PAO
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Timer: S1600555174.054121,VS0,VE70

I’ve added a javascript redirect for now to handle this scenario (FYI, swayapp isn’t my site, it’s just an example), but here’s hoping someone at Webflow notices either this thread or my still unanswered support request. This is a strange way to handle enforcement of no-trailing-slashes.

Glad you were able to get it sorted out in the meantime.

This problem appears to affect every site hosted on Webflow, with or without a custom domain (as far as I can tell).

I went ahead and checked some of my projects and they all redirect to the secure version of the URL without the trailing slash so I’m thinking it’s just a bug.