Join Log in
Score:-1
temporary_user_name avatar Server

Why is my naked domain working when I only configured the www?

vn flag
temporary_user_name

I set up my domain on heroku/cloudflare. In my heroku settings, my domain is listed as www.my-domain.example. While testing and iterating on configuration, I removed the other entry I had previously added for my-domain.example with its own DNS target from heroku.

On cloudflare, I have two DNS records. One is _domainconnect since my domain is on Godaddy but is pointed at Cloudflare's DNS. The other is this:

CNAME    www    <the DNS target provided by heroku for www.my-domain.example>

I expected my-domain.example to not work, but it does work. It just redirects to www.my-domain.example.

Why is that happening? It's doing the right thing, but I want to understand it so I am better able to handle future issues.

Edit: Wait, it's different from one browser to the next.

In Chrome www is secure and naked redirects to www.
In Safari both www and naked domain are marked "Not Secure".
In Edge, naked domain doesn't load at all while www is Secure. But once I've loaded www, naked redirects to www.
In firefox neither one loads at all.

What is going on?

I added the naked domain back into the heroku list and made a CNAME entry for it on cloudflare, and now edge and firefox work. Safari still marks the site Not Secure both ways. I'm rather confused.

130
1 + 2
vidarlo avatar
ar flag
vidarlo
Tell uss the domain so we can poke it to see what's *actually* configured.
1
Reply
Score:0
vidarlo avatar Server
ar flag
vidarlo

I don't know what you've configured, but your DNS servers reply fine for both cardtavern.com. and www.cardtavern.com:

[~]$ dig cardtavern.com +short
172.67.148.182
104.21.29.91
[~]$ dig www.cardtavern.com +short
172.67.148.182
104.21.29.91

Cloudflare happily serves content at both http and https, with and without www.

+ 7
temporary_user_name avatar
vn flag
temporary_user_name
Hmm! Thank you for checking. I'm not sure why Safari still marks it Not Secure then.
0
Reply
vidarlo avatar
ar flag
vidarlo
You should probably try to understand *what* makes browsers do that.
0
Reply
temporary_user_name avatar
vn flag
temporary_user_name
Yeah I mean I've looked through some resources [like this one](https://support.apple.com/en-us/HT208672) but I'm not really putting 2 and 2 together as to why it's secure in every other browser. And I can't find a way to get Safari to give me meaningful details specific to my site.
0
Reply
temporary_user_name avatar
vn flag
temporary_user_name
OH if I force https by typing it out then it's secure. It's just that safari for some reason is the only browser not automatically doing that....I thought I had cloudflare configured to do that anyway Okay sorry rubber ducking here now. I guess I need to figure out how to force http to redirect to https.
0
Reply
temporary_user_name avatar
vn flag
temporary_user_name
I'm all set. I had to just flip a toggle on cloudflare. By the way, could I ask you to remove my domain from the answer now? Just replace with `example.com` if you don't mind, I would appreciate it.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.