ASP.NET - How to Redirect from HTTP to HTTPS and specific origin by Web.config [CORS policy issue]

Question

I do redirect users from Http to Https by below configuration

<rewrite>
  <rules>
    <rule name="HTTP_TO_HTTPS" enabled="true" stopProcessing="true">
      <match url="(.*)"/>
      <conditions logicalGrouping="MatchAny">
        <add input="{HTTPS}" pattern="^OFF$"/>
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false"/>
    </rule>
  </rules>
</rewrite>       

it works as expected. But here is a problem that it only redirects to Https but not excepted origin. I mean

http://www.example.com to https://www.example.com

http://example.com to https://example.com

The above situation cause, users have different origins that the Cross-origin resource sharing (CORS) policy problem.

I want to redirect all users to https://example.com in order to avoid conflicted origins.

Answer 1

You could use the rewrite module to remove the WWW part also

<rule name="Remove www" stopProcessing="true">
  <match url="(.*)" ignoreCase="true" />
  <conditions>
    <add input="{HTTP_HOST}" pattern="^www" />
  </conditions>
  <action type="Redirect" url="http://example.com/{R:0}" redirectType="Permanent" />
</rule>