http 或 www 到 https 重定向不起作用

Question

我的网站应该将指向我网站的所有链接重定向到 https:// 域，但是以某些方式输入时它不起作用。

https://www.example.com --- 有效

example.com --- 有效

www.example.com --- 不起作用，转到 http://...

网站从单独的文件中调用全局页眉和页脚。当它不起作用时，它会引发此错误：

    Access to XMLHttpRequest at 'https://www.example.com/header.html'
    from origin 'http://www.example.com' has been blocked by CORS policy:
    Response to preflight request doesn't pass access control check: The
    value of the 'Access-Control-Allow-Credentials' header in the response
    is '' which must be 'true' when the request's credentials mode is
    'include'. The credentials mode of requests initiated by the
    XMLHttpRequest is controlled by the withCredentials attribute.

这是调用头文件的代码：

    var headerURL = 'https://www.example.com/header.html';
    var xhr = new XMLHttpRequest();
    xhr.open('POST', headerURL, true);
    xhr.withCredentials = true;
    xhr.onreadystatechange = function()
    {
      if (xhr.readyState === 2)
      {
        $('header').load(headerURL + ' header', function()
        {
          ...do stuff with the header...
        });
      }
    }
    xhr.setRequestHeader('Content-Type', 'application/json');
    xhr.send(JSON);

这是我的 .htaccess 文件：

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_FILENAME} !-d 
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(.*)$ $1.html

    RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [L,R=301]

    Redirect /page1.html /page1
    Redirect /page2.html /page2
    Redirect /page3.html /page3
    Redirect /page4.html /page4
    Redirect /page5.html /page5

    ErrorDocument 404 /404.shtml
    ErrorDocument 500 /500.shtml

    # Enable CORS
    Header always set Access-Control-Allow-Origin "https://www.example.com"
    Header always set Access-Control-Allow-Origin "http://www.example.com"

    # ----------------------------------------------------------------------
    # Expires headers (for better cache control)
    # ----------------------------------------------------------------------

    <IfModule mod_expires.c>
      ExpiresActive on

      ...Lots of ExpiresByType rules...

    </IfModule>

我对编写 .htaccess 文件一无所知。这只是我发现完成了我需要它做的事情（删除“.html”，重定向到自定义错误页面，并设置自定义过期，...）

Answer 1

我之前遇到过这个问题，我在 .htaccess

上使用了这部分代码

这是“强制” WWW 的代码。在您的链接上：

RewriteEngine On
RewriteCond %{HTTP_HOST}  !^www\.website\.com$ [NC]
RewriteRule ^(.*) http://www.website.com/$1 [L,R]

或

查看您的主机面板，在那里您可以检查有关域和重定向的所有内容。

Answer 2

在您的 .htaccess 上尝试以下操作：

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]