How To Redirect HTTP to HTTPS Without Breaking Your API

August 01, 2016

Last week I was setting up SSL for our upcoming product Better HQ - Feedback and bug reporting app.

When I checked our API I noticed some methods didn’t work in HTTP connection.


Our API needs to work in both HTTP and HTTPS connection because we are using it for our apps.

What caused to break our API

We were using 301 Moved Permanently for redirecting HTTP to HTTPS connection. If we perform POST request and it returns 301/302 then user agents don’t stick with the POST method.

As a result of this, we were not able to POST, PUT and DELETE operations.

How Did I fix it ?

It plain simple.

Just use 308 Permanent Redirect instead of 301.

It will take care of those methods.

Here’s our current Apache configuration for redirecting http to https connection.

<VirtualHost *:80>
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=308,L]

👋 I'm Ashik Nesin • Principal Software Engineer @Chargebee 👨‍💻• I write about web development & behinds the scenes of startup/side projects that I'm building

© 2022 Nesin Technologies LLP