yorkshirepudding's picture

Posted by yorkshirepudding on Fri, Aug 13, 2021 - 9:52am

I have a domain, let's call it example.co.uk where my website is hosted.  In order to protect my brand, I also have example.com and example.uk

Because, my company has changed names (and because I still own the domain linked to the original name as it is the primary domain on a G Suite legacy account) I also have sample.co.uk 

The domains in italics (i.e. the ones that aren't example.co.uk) are all redirected (301) to https://www.example.co.uk

Do I need to include these redirected domains in  the array of trusted host patterns? Or does the fact that they are all redirected here mean I only need to include example.co.uk in my trusted host patterns. 

Accepted answer

If the redirect is happening at the HTTP server level (or sooner), which it should be, you should not need to add the domain(s) you are redirecting from to your trusted host patterns, because by the time it hits Backdrop, it should be using the domain name it was redirected to.

 

Comments

oadaeh's picture

Fri, Aug 13, 2021 - 10:15am by oadaeh

If the redirect is happening at the HTTP server level (or sooner), which it should be, you should not need to add the domain(s) you are redirecting from to your trusted host patterns, because by the time it hits Backdrop, it should be using the domain name it was redirected to.

 

Sun, Apr 28, 2024 - 12:02pm by izmeez

Presumably, including Apache .htaccess as server level?

Sun, Apr 28, 2024 - 12:20pm by izmeez

What about www and non-www bare domain names? Should both be added as trusted host patterns?

$settings['trusted_host_patterns'] = array('^www\.example\.com$','^example\.com$');

or only the definitive host url? Is there any downside to including both?

Mon, Apr 29, 2024 - 3:23am by yorkshirepudding

What I tend to do in .htaccess is pick one and redirect to that. If you allow both and you don't specify a canonical one, then it could affect search as they would appear as duplicates.  You may get odd results if you have analytics or another service that expect a particular URL and someone comes from the other one.

I think if you insist on having them both you need to allow that in the trusted host pattern. 

Tue, Apr 30, 2024 - 9:52am by izmeez

Sorry for not being more clear in earlier comment.

Presuming .htaccess is directing to a single url, either www or non-www bare domain, not allowing both. When it comes to adding trusted host patterns to the settings.php file, does it matter if both are added?

$settings['trusted_host_patterns'] = array('^www\.example\.com$','^example\.com$');

Or should it only be the definitive (canonical) host url? 

Is there any downside to including both?

Tue, Apr 30, 2024 - 11:59am by yorkshirepudding

Hi @izmeez

I believe that server-level includes .htaccess as this is read by Apache before Backdrop gets to it.

I personally wouldn't include more in trusted host patterns that is necessary. I doubt it would cause any harm either way though.