Skip to content
/ ForceHTTPS Public

Simple Laravel Middleware to force HTTPS usage on your clients, with a simple whitelist system.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Markohs/ForceHTTPS

BranchesTags

Repository files navigation

ForceHTTPS

Build Status Latest Version on Packagist Total Downloads StyleCI

Simple Laravel Middleware to force HTTPS usage on your clients, with a simple whitelist system. Take a look at contributing.md to see a to do list.

Installation

Via Composer

$ composer require markohs/forcehttps

Publish the default config file:

$  php artisan vendor:publish --tag=forcehttps.config

You can now edit default settings in config/forcehttps.php

Requirements

This package is just tested with Laravel 6.0 and 8.0

Usage

You can use any of the following methods:

You can either force HTTPS in a single route in for example routes/web.php:

Route::get('/','StaticPageController@getRoot')->middleware('forcehttps');

You can also use the automatic MiddlewareGroup register mechanism in config/forcehttps.php:

	'autoregister' => ['web']

Or you can add the Middleware manually as usual in app/Http/Kernel.php in the MiddlewareGroups you require:

...
'web' => [
    \App\Http\Middleware\EncryptCookies::class,
...
    \Markohs\ForceSSL\Middleware\ForceHTTPS::class,
...

    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],
...

Set active environments

This package will only be active in the environments you specify, by default stage, prod and production, update config/forcehttps.php if necessary:

    'enabled_environments' => ['stage', 'prod', 'production'],

URL whitelist mechanism

This package also has a path exclusion mechanism I found useful in my projects. Even if a request is affected by this Middleware, a list of paths is checked, in a "whitelist" spirit, those URLS won't emit a 301 HTTP redirect. I use for comunitaction with other traditional systems that use old POST fashion, and don't support HTTPS.

You can set this url whitelist in config/forcehttps.php:

    'whitelist' => [
        'example/url',
        'example2'
    ],

Important notes

If you are using Cloudflare or some kind of proxy to serve your website, you need to make sure you configure TrustedProxy correctly or this Middleware will cause redirect loops.

Make sure you keep the config file /config/trustedproxy.php, or on app\Http\Middleware\TrustProxies.php , variable $proxies, up to date. Or

Change log

Please see the changelog for more information on what has changed recently.

Contributing

Please see contributing.md for details and a todolist.

Security

If you discover any security related issues, or want to help improve this package, please email marcos@tyrellcorporation.es or use the issue tracker or send a PR.

Credits

License

MIT. Please see the license file for more information.

About

Simple Laravel Middleware to force HTTPS usage on your clients, with a simple whitelist system.

Topics

middleware laravel https

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

12 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages