The only problem I see is that the redirect.js script is directly assigning a value to location.href, instead of using location.replace
Assigning to .href is similar to clicking a link; the non-https page will be in the history.
That means if someone is using a letsencrypt compatible browser, and then enter the http site, will be redirected to https, with the http site on the history.
Now, whats going to happen if the user clicks on the back button?
It will return to the non-https version, and immediately will be returned to the https version again. Which means the back button would be broken.
This can be easily fixed if the script instead uses location.replace
It would look like this:
if (location.href.match(/^http:/i)) {
location.replace(location.href.replace(/^http:/i, 'https:'));
}
In the end, is only an small detail, of course
The only problem I see is that the redirect.js script is directly assigning a value to location.href, instead of using location.replace Assigning to .href is similar to clicking a link; the non-https page will be in the history. That means if someone is using a letsencrypt compatible browser, and then enter the http site, will be redirected to https, with the http site on the history. Now, whats going to happen if the user clicks on the back button? It will return to the non-https version, and immediately will be returned to the https version again. Which means the back button would be broken. This can be easily fixed if the script instead uses location.replace It would look like this: if (location.href.match(/^http:/i)) { location.replace(location.href.replace(/^http:/i, 'https:')); } In the end, is only an small detail, of course