csun-metalab/laravel-force-https

A small Composer package for Laravel 5.0 and above to force HTTPS in the URL

1.0.1 2020-08-12 14:54 UTC

This package is auto-updated.

Last update: 2024-12-26 04:29:23 UTC


README

A small Composer package for Laravel 5.0 and above to force HTTPS in the URL via middleware.

Table of Contents

Installation

Composer, Environment, and Service Provider

Composer

To install from Composer, use the following command:

composer require csun-metalab/laravel-force-https

Environment

Now, add the following line(s) to your .env file:

FORCE_HTTPS=true

This will enable the forcing functionality.

Service Provider

Add the service provider to your providers array in config/app.php in Laravel as follows:

'providers' => [
   //...

   CSUNMetaLab\ForceHttps\Providers\ForceHttpsServiceProvider::class,

   // You can also use this based on Laravel convention:
   // 'CSUNMetaLab\ForceHttps\Providers\ForceHttpsServiceProvider',

   //...
],

Middleware Installation

Add the middleware to your $middleware array in app/Http/Kernel.php to apply it to all requests the application receives:

protected $middleware = [
	//...

	CSUNMetaLab\ForceHttps\Http\Middleware\ForceHttps::class,

	// You can also use this based on Laravel convention:
	// 'CSUNMetaLab\ForceHttps\Http\Middleware\ForceHttps',

	//...
];

Publish Everything

Finally, run the following Artisan command to publish everything:

php artisan vendor:publish

The following assets are published:

  • Configuration (tagged as config) - these go into your config directory

Required Environment Variables

You added an environment variable to your .env file that controls the protocol the application traffic uses.

FORCE_HTTPS

Whether to force HTTPS on all URLs or not. Default is false to prevent any unexpected issues from forcing HTTPS directly upon installation.

Middleware

Force HTTPS Middleware

This class is namespaced as CSUNMetaLab\ForceHttps\Http\Middleware\ForceHttps.

The middleware performs the following steps:

  1. Checks to see if the application configuration requests traffic to be forced over HTTPS
  2. If so, it performs the following steps:
    1. Resolves the request URI as an absolute URL so it can also see the protocol
    2. Checks to see if the HTTPS server variable is a non-empty value or set as off
    3. If the protocol isn't already https: then it replaces it with https: and returns a redirect
  3. If not, it passes the request instance to the next configured middleware in the pipeline

Resources

Middleware