Good afternoon;
I have a .dev domain which is on the HSTS Preload list. Unfortunately the entire .dev listing is required to be on the preload, so I can't request removal. I have purchased and am currently using a ssl certificate. Additionally, I have set the web.config to automatically redirect from http to https. The problem is iPhone users. It seems they don't accept the redirect and get an access forbidden error. This is my portfolio site so I can't risk losing a job simply because someone thinks I can't post my links correct. Any insight?
Ryan
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://www.onebyte.dev/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<httpProtocol>
<customHeaders>
<add name="Strict-Transport-Security" value="max-age=31536000"/>
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
