Force https://www Sitemap

  • Resolved Joe G

    (@joe-g)


    1 month ago

    It seems both http://www.capecodupholstery.com, http://capecodupholstery.com properly redirect to https://www.capecodupholstery.com

    If I add /sitemap.xml or /sitemap.xml.gz to the non SSL URL, they do not redirect to the SSL URL.

    Instead they open to a blank non secure page. Any suggestions as redirecting non SSL sitemap pages to the SSL version would be appreciated.

    The odd thing to me which I don’t understand, is both Google and Bing Search Consoles say “Success” when accessing the blank non SSL sitemap pages.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Sybre Waaijer

    (@cybr)

    3 weeks, 6 days ago

    Hi Joe!

    I believe the redirect is excluded for the .xml extensions. This quirk happens quite often in NGINX setups, and you may need to include the .xml extension separately. This issue also occurs on the .txt extension for your site (/robots.txt), which is outputted by WordPress itself (but modified by TSF).

    Still, search engines do not care about the sitemap’s URL scheme as long as it’s accessible and readable.

    Sitemap stylesheets must honor the current domain and scheme (http/https) for security reasons. So, if the scheme doesn’t match (https instead of http), the stylesheet will not be read by the browser. The content of the sitemap is still there, but without the stylesheet, you simply see a blank page. Inspect the source of the sitemap, and you will find all URLs submitted.

    Search engines do not use the sitemap stylesheet.

    I recommend submitting the secure version of your sitemap to Google and Bing. To learn more about that, please see https://support.google.com/webmasters/answer/7451001, and https://www.bing.com/webmasters/help/Sitemaps-3b5cf6ed.

    Thread Starter Joe G

    (@joe-g)

    3 weeks, 6 days ago

    Hi Sybre,

    Thank you for the very helpful explanation. I do indeed see the content viewing the Page Source.

    I assume not, but does The SEO Framework create the non SSL sitemap links. I’m wondering how they got on Bing & Google in the first place as I don’t remember adding them manually.

    Could I simply delete all the non SSL sitemaps from Google and Bing without issue.

    Plugin Author Sybre Waaijer

    (@cybr)

    3 weeks, 6 days ago

    Hi Joe,

    TSF simply tests if the path, WordPressHomePath/^sitemap.xml*, is requested; it doesn’t test the domain (www.example.com), scheme (https://), or port (:80) to output the sitemap.

    Simply, if the WordPress domain is https://www.example.com/, TSF looks for /sitemap.xml in the path.
    If the WordPress domain is https://example.com/WordPress/, TSF looks for /WordPress/sitemap.xml in the path.

    WordPress is dynamic and can be set up to serve multiple domains from a single installation. To support all these special websites, we shouldn’t test for anything but the path.

    You can safely delete the old sitemap URLs from Google Search Console and Bing Webmasters and submit the updated URLs.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.