I have a question though.. you mention the use of rel canonical to solve the lesser second half of the problem.. What is that second problem? Shouldn't just the redirects be enough?
Btw, I have grown to prefer netlify.toml over the _redirects, etc. cookie files; esp. for CSP rules.
> Just that it keeps everything in one file?
That too, plus
> Or is there another advantage I don't know about?
The triple-quoted multi-line strings! With those, the CSP can be broken over multiple lines like this. And without that, that whole CSP block would need to be written in a single line in _headers.