I recently ran a report on my new site on MigrateToFlarum: https://lab.migratetoflarum.com/scans/50ba2445-5709-4d29-ac89-92692645340e
I fixed one issue and ran again, and got these results. I'm having some trouble figuring out how to solve it.
For reference, I am using Amazon Lightsail LAMP configuration with Bitnami. I made some tweaks to the .htaccess file in Public that solved two of the issues my original scan pointed out.
I have one redirect CNAME record:
Image
I used this guide to set up SSL and HTTPS: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-lamp
And I recently added the following code from here: https://github.com/phanan/htaccess which solved two of the issues from the Flarum test. Here's the code I added:
Force non-www in a Generic Way
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]
Force HTTPS
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# Note: It’s also recommended to enable HTTP Strict Transport Security (HSTS)
# on your HTTPS website to help prevent man-in-the-middle attacks.
# See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
<IfModule mod_headers.c>
# Remove "includeSubDomains" if you don't want to enforce HSTS on all subdomains
Header always set Strict-Transport-Security "max-age=31536000;includeSubDomains"
</IfModule>
And, this is what I see in the network console in Chrome, which just confirms the issue the Flarum test pointed out:
Image
