0

I have purchased a domain name successfully on google domains. I have the website and server deployed on Heroku, which has provided us with a DNS target and a positive ACM status. When navigating to the site by clicking the link provided by the google search, SSL is not active. However, typing into the address bar "https" will cause it to use SSL as will just typing [domain-name].ca, BUT typing "http", it will not use SSL. Why is google defaulting to the non-SSL version?

I have set up the synthetic record: @.[domain-name] -> https://www.[domain-name].ca on google domains

Shouldn't this forward every request to https?

I do not have any http calls in my code.

Jake Chambers
  • 408
  • 1
  • 5
  • 21

1 Answers1

0

Depending on what enviornment you are using, you need to enable force ssl config.

Rails Use config.force_ssl = true in your config/environments/production.rb or similar.

Node (Express.js) Use a package to set this up for your app. Some options can be found here: https://www.npmjs.com/search?q=express+ssl

PHP You can add directives to the .htaccess file at the root of your project to do this. See this SO post for an example https://stackoverflow.com/a/34065445

Django Set SECURE_SSL_REDIRECT to True.

Flask You can use https://github.com/kennethreitz/flask-sslify to handle this for you.

mdeora
  • 3,642
  • 1
  • 16
  • 27