- Published on
How To Redirect HTTP to HTTPS Without Breaking Your API
- Authors
- Name
- Ashik Nesin
- @AshikNesin
Last week I was setting up SSL for our upcoming product Better HQ - Feedback and bug reporting app.
When I checked our API I noticed some methods didn't work in HTTP connection.
Heck…
Our API needs to work in both HTTP and HTTPS connection because we are using it for our apps.
What caused to break our API
We were using 301 Moved Permanently for redirecting HTTP to HTTPS connection. If we perform POST request and it returns 301/302 then user agents don’t stick with the POST method.
As a result of this, we were not able to POST, PUT and DELETE operations.
How Did I fix it ?
It plain simple.
Just use 308 Permanent Redirect instead of 301.
It will take care of those methods.
Here’s our current Apache configuration for redirecting http to https connection.
<VirtualHost *:80>
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=308,L]
</VirtualHost>