[suggestion] Redirect away from www., and enforce HTTPS when in production

langleyfoxall / laravel-boilerplate

Boilerplate for Laravel with common tools/plugins for ease of development.

MIT License

2 stars 4 forks source link

[suggestion] Redirect away from www., and enforce HTTPS when in production #1

Closed DivineOmega closed 6 years ago

DivineOmega commented 6 years ago

I'd like to suggest functionality to do this following.

Redirect away from www. which will prevent SEO duplicate content issues on publicly accessible sites, and mitigate multiple sets of cookies on all systems.
Enforce HTTPS when APP_ENV is set to prod.

I've previously written middleware to handle this, which I'd be happy to integrate if people want this functionality.

@dextermb @AlexCatch @wheatleyjj

AlexCatch commented 6 years ago

I think this should be done by the web server handling the requests, this is why this isn't an issue on sites deployed through Laravel Forge, NGINX is setup to redirect requests through HTTPS.

dextermb commented 6 years ago

@AlexCatch I do believe that you manually have to add or request a certificate on forge though. Then it'll set up 101s or redirecting back to https (don't think it looks in the ENV for APP_ENV=PROD). All hail NGINX.

@DivineOmega

I've never really looked into how much www. affects SEO. Got any supporting articles?
I'd hope that on all of the production forge instances the ENV is set to prod either way as it hides error messages away from the client.

DivineOmega commented 6 years ago

@dextermb Hopefully most search engine are smart enough to handle this now, but these is still general advice around not duplicating site content on subdomains.

https://searchengineland.com/canonical-chaos-doubling-duplicate-content-264078 (from 2016)

Regarding prod in production, I agree this should definitely be set.