Description
Deploying the asset canister with the setting “allow_raw_access: false” does not produce the desired result: the browser does not redirect from the URL “https://CANISTER_ID.raw.icp0.io” to “https://CANISTER_ID.icp0.io”.
I tried the following:
Content of .ic-assets.json file:

    [
      {
        "match": "**/*",
        "security_policy": "standard",
        "allow_raw_access": false
      },
      {
        "match": ".well-known",
        "ignore": false
      },
      {
        "match": ".well-known/ii-alternative-origins",
        "headers": {
          "Access-Control-Allow-Origin": "*",
          "Content-Type": "application/json"
        },
        "ignore": false
      }
    ]

I expected to see this happen: user should be redirected from “https://CANISTER_ID.raw.icp0.io” to “https://CANISTER_ID.icp0.io”
Instead, this happened: browser stays on “https://CANISTER_ID.raw.icp0.io”
Response:
Request URL: https://CANISTER_ID.raw.icp0.io/
Request Method: GET
Status Code: 200 OK
Remote Address: 212.71.124.187:443
Referrer Policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,content-length,content-range,x-request-id,x-ic-canister-id
content-encoding: gzip
content-length: 421
content-security-policy: default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self' data:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;
content-type: text/html
date: Thu, 03 Apr 2025 13:11:21 GMT
etag: "3890c5239e64a474154c7ad9c791af2f40cb7d50cb95dc71d1535d9b0da3be27"
ic-certificate: version=2, certificate=REDACTED
ic-certificateexpression: default_certification(ValidationArgs{certification: Certification{no_request_certification: Empty{}, response_certification: ResponseCertification{certified_response_headers: ResponseHeaderList{headers: ["content-type", "content-encoding", "X-Content-Type-Options", "Permissions-Policy", "Referrer-Policy", "Strict-Transport-Security", "Content-Security-Policy", "X-Frame-Options", "X-XSS-Protection"]}}}})
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), window-placement=(), vertical-scroll=()
referrer-policy: same-origin
strict-transport-security: max-age=31536000; includeSubDomains
vary: origin, access-control-request-method, access-control-request-headers
x-content-type-options: nosniff
x-frame-options: DENY
x-ic-canister-id: CANISTER_ID
x-request-id: 0195fbc7-0f59-7f73-932f-f3c9242260a3
x-xss-protection: 1; mode=block
Meta
dfx --version:

    dfx 0.24.0

Actual canister id is redacted.
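
A regression check for the behaviour described in this report, added here as an example and not part of the original issue or of the dfx project: it classifies a header dump in the layout quoted above as served from the raw host or redirected to the non-raw host. The function names, the sample dumps and the 308 status in the expected sample are assumptions; any 3xx whose Location resolves to the same host without the "raw" label is accepted.

```python
from urllib.parse import urljoin, urlsplit

# Constructed dump in the "Name: value" layout of the response quoted in the report.
OBSERVED = """\
Request URL: https://CANISTER_ID.raw.icp0.io/
Status Code: 200 OK
content-type: text/html
x-ic-canister-id: CANISTER_ID
"""

# Constructed dump of the behaviour the report expects; the 308 is an assumption.
EXPECTED = """\
Request URL: https://CANISTER_ID.raw.icp0.io/
Status Code: 308 Permanent Redirect
location: https://CANISTER_ID.icp0.io/
"""


def parse_dump(text):
    """Turn a DevTools-style header dump into a dict with lower-cased names."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields


def check_raw_redirect(text):
    """Classify a response to a request that may target the raw domain."""
    fields = parse_dump(text)
    request_url = fields["request url"]
    host = urlsplit(request_url).hostname or ""
    labels = host.split(".")
    if len(labels) < 3 or labels[1] != "raw":
        return "not-raw-request"
    status = int(fields["status code"].split()[0])
    if not 300 <= status < 400:
        return "served-from-raw"  # the symptom in the report: 200 on the raw host
    # Resolve relative Location values against the request URL before comparing.
    target = urlsplit(urljoin(request_url, fields.get("location", "")))
    expected_host = ".".join(labels[:1] + labels[2:])  # drop the "raw" label
    if target.scheme == "https" and target.hostname == expected_host:
        return "redirected"
    return "bad-redirect"


if __name__ == "__main__":
    print(check_raw_redirect(OBSERVED), check_raw_redirect(EXPECTED))
```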