http or www to https redirect not working

Question

My website should be redirecting all links to my website to the https:// domain, but when typed in certain ways it doesn't work.

https://www.example.com --- works

example.com --- works

www.example.com --- doesn't work, goes to http://...

The website calls a global header and footer from a separate file. When it doesn't work it throws this error:

    Access to XMLHttpRequest at 'https://www.example.com/header.html'
    from origin 'http://www.example.com' has been blocked by CORS policy:
    Response to preflight request doesn't pass access control check: The
    value of the 'Access-Control-Allow-Credentials' header in the response
    is '' which must be 'true' when the request's credentials mode is
    'include'. The credentials mode of requests initiated by the
    XMLHttpRequest is controlled by the withCredentials attribute.

This is the code that calls the header file:

    var headerURL = 'https://www.example.com/header.html';
    var xhr = new XMLHttpRequest();
    xhr.open('POST', headerURL, true);
    xhr.withCredentials = true;
    xhr.onreadystatechange = function()
    {
      if (xhr.readyState === 2)
      {
        $('header').load(headerURL + ' header', function()
        {
          ...do stuff with the header...
        });
      }
    }
    xhr.setRequestHeader('Content-Type', 'application/json');
    xhr.send(JSON);

Here is my .htaccess file:

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_FILENAME} !-d 
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(.*)$ $1.html

    RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [L,R=301]

    Redirect /page1.html /page1
    Redirect /page2.html /page2
    Redirect /page3.html /page3
    Redirect /page4.html /page4
    Redirect /page5.html /page5

    ErrorDocument 404 /404.shtml
    ErrorDocument 500 /500.shtml

    # Enable CORS
    Header always set Access-Control-Allow-Origin "https://www.example.com"
    Header always set Access-Control-Allow-Origin "http://www.example.com"

    # ----------------------------------------------------------------------
    # Expires headers (for better cache control)
    # ----------------------------------------------------------------------

    <IfModule mod_expires.c>
      ExpiresActive on

      ...Lots of ExpiresByType rules...

    </IfModule>

I don't know really anything about writing .htaccess files. This is just pieces that I found that did what I needed it to do (remove ".html", redirects to custom error pages, and sets custom expirations,...)

Answer 1

I had that problem before and I use this part of code on my .htaccess

Here is the code to "force" the WWW. on your link:

RewriteEngine On
RewriteCond %{HTTP_HOST}  !^www\.website\.com$ [NC]
RewriteRule ^(.*) http://www.website.com/$1 [L,R]

OR

Look at your Host Panel , there you can check everything about domains and redirecting.

Answer 2

try following on top of your .htaccess:

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]