markohs/forcehttps

Simple Laravel Middleware to force HTTPS connections

Maintainers

Details

github.com/Markohs/ForceHTTPS

Homepage

Source

Issues

Installs: 42

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 0

Open Issues: 0

v1.1.0 2021-06-01 01:24 UTC

Requires

Requires (Dev)

MIT 054cab3fd0510dd7a0c2f6c299aeb50294eb174e

  • Markohs <marcos.woop@tyrellcorporation.es>

httpsmiddlewarelaravelForceHTTPS

This package is auto-updated.

Last update: 2024-10-29 05:47:41 UTC

README

Build Status Latest Version on Packagist Total Downloads StyleCI

Simple Laravel Middleware to force HTTPS usage on your clients, with a simple whitelist system. Take a look at contributing.md to see a to do list.

Installation

Via Composer

$ composer require markohs/forcehttps

Publish the default config file:

$  php artisan vendor:publish --tag=forcehttps.config

You can now edit default settings in config/forcehttps.php

Requirements

This package is just tested with Laravel 6.0 and 8.0

Usage

You can use any of the following methods:

You can either force HTTPS in a single route in for example routes/web.php:

Route::get('/','StaticPageController@getRoot')->middleware('forcehttps');

You can also use the automatic MiddlewareGroup register mechanism in config/forcehttps.php:

	'autoregister' => ['web']

Or you can add the Middleware manually as usual in app/Http/Kernel.php in the MiddlewareGroups you require:

...
'web' => [
    \App\Http\Middleware\EncryptCookies::class,
...
    \Markohs\ForceSSL\Middleware\ForceHTTPS::class,
...

    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],
...

Set active environments

This package will only be active in the environments you specify, by default stage, prod and production, update config/forcehttps.php if necessary:

    'enabled_environments' => ['stage', 'prod', 'production'],

URL whitelist mechanism

This package also has a path exclusion mechanism I found useful in my projects. Even if a request is affected by this Middleware, a list of paths is checked, in a "whitelist" spirit, those URLS won't emit a 301 HTTP redirect. I use for comunitaction with other traditional systems that use old POST fashion, and don't support HTTPS.

You can set this url whitelist in config/forcehttps.php:

    'whitelist' => [
        'example/url',
        'example2'
    ],

Important notes

If you are using Cloudflare or some kind of proxy to serve your website, you need to make sure you configure TrustedProxy correctly or this Middleware will cause redirect loops.

Make sure you keep the config file /config/trustedproxy.php, or on app\Http\Middleware\TrustProxies.php , variable $proxies, up to date. Or

Change log

Please see the changelog for more information on what has changed recently.

Contributing

Please see contributing.md for details and a todolist.

Security

If you discover any security related issues, or want to help improve this package, please email marcos@tyrellcorporation.es or use the issue tracker or send a PR.

Credits

License

MIT. Please see the license file for more information.