fix redirect match

lib/insecure-server.js

@@ -43,7 +43,7 @@ module.exports.create = function (securePort, insecurePort, info, serverCallback
     // needs ECDSA?
 
     console.warn('HARD-CODED HTTPS EXCEPTION in insecure-server.js');
-    if (/redirect-www.org/.test(host) && useAppInsecurely(req, res)) {
+    if (/redirect-www.org$/.test(host) && useAppInsecurely(req, res)) {
       return true;
     }
 

lib/no-www.js

@@ -20,8 +20,9 @@ module.exports.scrubTheDub = function (req, res, redirectives) {
       return false;
     }
   } else {
-    newLocation = 'https://' + hostname.replace(/^www\./, '') + req.url;
+    newLocation = 'https://' + hostname.replace(/^www\./, '');
   }
+  newLocation += req.url;
   safeLocation = escapeHtml(newLocation);
 
   var metaRedirect = ''