
HSTS Access Forbidden only on Safari/iPhone

Good afternoon;


I have a .dev domain which is on the HSTS Preload list. Unfortunately the entire .dev listing is required to be on the preload, so I can't request removal. I have purchased and am currently using an SSL certificate. Additionally, I have set the web.config to automatically redirect from HTTP to HTTPS. The problem is iPhone users. It seems they don't accept the redirect and get an access forbidden error. This is my portfolio site, so I can't risk losing a job simply because someone thinks I can't post my links correctly. Any insight?



<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Force HTTPS" stopProcessing="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
    <httpProtocol>
      <customHeaders>
        <add name="Strict-Transport-Security" value="max-age=31536000"/>
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
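
An added example, not part of the original post: a Python check over the posted rule that reports any Redirect action triggered by `{HTTPS}` = `off` whose target is not an absolute `https://` URL, and confirms the HSTS header carries a positive `max-age`. The function name `lint_https_redirect` and the `FIXED` variant (`https://{HTTP_HOST}/{R:1}`) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Rule and header copied from the post (XML declaration omitted, layout compacted).
POSTED = """
<configuration><system.webServer>
  <rewrite><rules>
    <rule name="Force HTTPS" stopProcessing="true">
      <match url="(.*)" ignoreCase="false" />
      <conditions><add input="{HTTPS}" pattern="off" /></conditions>
      <action type="Redirect" url="{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>
  </rules></rewrite>
  <httpProtocol><customHeaders>
    <add name="Strict-Transport-Security" value="max-age=31536000"/>
  </customHeaders></httpProtocol>
</system.webServer></configuration>
"""
# Constructed variant (assumption): same rule with an absolute https:// target.
FIXED = POSTED.replace('url="{R:1}"', 'url="https://{HTTP_HOST}/{R:1}"')


def lint_https_redirect(config_xml):
    """Return a list of findings for HTTP-to-HTTPS redirect rules and HSTS."""
    root = ET.fromstring(config_xml)
    findings = []
    for rule in root.iter("rule"):
        # Only rules that fire when the request arrived over plain HTTP.
        on_http = any(
            c.get("input", "").upper() == "{HTTPS}"
            and c.get("pattern", "").lower() in ("off", "^off$")
            for c in rule.iter("add")
        )
        action = rule.find("action")
        if not on_http or action is None or action.get("type") != "Redirect":
            continue
        target = action.get("url", "")
        if not target.lower().startswith("https://"):
            findings.append(f"rule {rule.get('name')!r}: redirect target "
                            f"{target!r} does not switch the scheme to https")
    hsts = [h.get("value", "") for h in root.iter("add")
            if h.get("name", "").lower() == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header configured")
    for value in hsts:
        m = re.search(r"max-age=(\d+)", value, re.I)
        if not m or int(m.group(1)) == 0:
            findings.append(f"HSTS value {value!r} has no positive max-age")
    return findings
```

Run against `POSTED`, the check returns one finding, for the `Force HTTPS` rule; run against `FIXED`, it returns none.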