Ensure WWW as part of both HTTP and HTTPS connections HTACCESS

Question

I'm trying to manage the canonicals for my website using htaccess.

I recently switched to HTTPS and now my old rules aren't working:

#URLS ALWAYS CHANGED TO WWW
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

#PREVENT TRAILING '/' AT END OF URLS
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# PREVENT CANONICALIZATION DUPLICATES
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^.*/index\.php
RewriteRule ^(.*)index.php$ http://www.example.com/$1 [R=301,L]

There's a bit of a catch though. If a connection is through HTTP I want it to stay as HTTP.

I don't want to force HTTPS, as I need HTTP sometimes for visitor security reasons - so embedded content can't piggyback on my https authority:

Ordinary people don't understand what an IFRAME is. They will just look at the padlock and https at the topbar and think the site is safe to put their credit card details - when actually they may be accessing an untrusted HTTP site (or worse). Therefore pages that display uncontrolled IFRAME content I always display as http.

The pages 301 redirect if the wrong url is being used anyway. But I'd rather do this with htaccess as well for more redundancy and a faster response.

So this is basically what I need to do:

• https://example.com -> https://www.example.com

• http://example.com -> http://www.example.com

• https://example.com/ -> https://www.example.com

• http://example.com/ -> http://www.example.com

• https://www.example.com/ -> https://www.example.com

• http://www.example.com/ -> http://www.example.com

• https://example.com/index.php -> https://www.example.com

• http://example.com/index.php -> http://www.example.com