csun-metalab/lumen-force-https

A small Composer package for Lumen that forces HTTPS in the URL via middleware

Maintainers

Details

github.com/PioneeringTechLab/lumen-force-https

Source

Issues

Installs: 7 820

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

1.0.1 2020-08-12 14:54 UTC

Requires

  • php: >=5.5.9

MIT bc6fffd677cc9ad631a1dad52b877fa717c6f45f

  • Matthew Fritz <mattf.woop@burbankparanormal.com>

This package is auto-updated.

Last update: 2024-10-26 04:10:58 UTC

README

A small Composer package for Lumen 5.1 and above to force HTTPS in the URL via middleware.

Table of Contents

Installation

Composer, Environment, and Service Provider

Composer

To install from Composer, use the following command:

composer require csun-metalab/lumen-force-https

Environment

Now, add the following line(s) to your .env file:

FORCE_HTTPS=true

This will enable the forcing functionality.

Service Provider

Next, register the service provider and the configuration file in bootstrap/app.php as follows:

$app->configure('forcehttps');
$app->register(CSUNMetaLab\LumenForceHttps\Providers\ForceHttpsServiceProvider::class);

Configuration File

If you do not already have a config directory in your project root, go ahead and create it.

In order to leverage the custom configuration values from this package, copy and paste the following code into a file called forcehttps.php within your config directory in Lumen:

<?php

return [

  /*
    |--------------------------------------------------------------------------
    | Force HTTPS
    |--------------------------------------------------------------------------
    |
    | Whether to force HTTPS on all URLs or not. Default is false.
    |
    */
  'force_https' => env('FORCE_HTTPS', false),

];

?>

Middleware Installation

Finally, add a call to $app->middleware() in bootstrap/app.php or modify an existing one to apply it to all requests the application receives:

$app->middleware([
   CSUNMetaLab\LumenForceHttps\Http\Middleware\ForceHttps::class,
]);

Required Environment Variables

You added an environment variable to your .env file that controls the protocol the application traffic uses.

FORCE_HTTPS

Whether to force HTTPS on all URLs or not. Default is false to prevent any unexpected issues from forcing HTTPS directly upon installation.

Middleware

Force HTTPS Middleware

This class is namespaced as CSUNMetaLab\LumenForceHttps\Http\Middleware\ForceHttps.

The middleware performs the following steps:

  1. Checks to see if the application configuration requests traffic to be forced over HTTPS
  2. If so, it performs the following steps:
    1. Resolves the request URI as an absolute URL so it can also see the protocol
    2. Checks to see if the HTTPS server variable is a non-empty value or set as off
    3. If the protocol isn't already https: then it replaces it with https: and returns a redirect
  3. If not, it passes the request instance to the next configured middleware in the pipeline

Resources

Middleware