yaroslawww / laravel-force-https by yaroslawww

Easy redirect to https for Laravel
9,715
12
1
Package Data
Maintainer Username: yaroslawww
Maintainer Contact: yaroslav.georgitsa@gmail.com (Yaroslav Georgitsa)
Package Create Date: 2017-02-22
Package Last Update: 2021-09-27
Language: PHP
License: MIT
Last Refreshed: 2024-12-16 15:02:35
Package Statistics
Total Downloads: 9,715
Monthly Downloads: 8
Daily Downloads: 0
Total Stars: 12
Total Watchers: 1
Total Forks: 3
Total Open Issues: 1

Laravel Force Https

Easy redirect to https for Laravel

Table of Contents

  • Installation
    • Composer
    • Manually
    • Laravel
  • Usage
    • Middleware
  • Config
    • Config files
    • Service providers
  • Changelog
  • License

Laravel compatibility

Laravel 5.5 is released!

Installation

Composer

composer require yaroslawww/laravel-force-https

Laravel

If you use laravel 5.4 and below then open config/app.php and find the providers key. Add LaravelForceHttpsServiceProvide to the array.

	...
	Angecode\LaravelForceHttps\LaravelForceHttpsServiceProvider::class,
	...

Usage

Middleware

Moreover, this package includes a middleware object to redirect all "non-ssl" routes to the corresponding "ssl".

So, if a user navigates to http://url-to-laravel/test and the system has this middleware active it would redirect (301) him automatically to https://url-to-laravel/test. This is mainly used to avoid duplicate content and improve SEO performance.

To do so, you have to register the middleware in the app/Http/Kernel.php file like this:

    //app/Http/Kernel.php
	
		/**
		 * The application's route middleware.
		 *
		 * @var array
		 */
		protected $routeMiddleware = [
			/**** OTHER MIDDLEWARE ****/
			'laravelForceHttps' => \Angecode\LaravelForceHttps\Middleware\LaravelForceHttpsMiddlewareRedirect::class,
			// REDIRECTION MIDDLEWARE
		];

	// /routes/web.php

	Route::group(
	[
		'middleware' => [ 'laravelForceHttps' ]
	],
	function()
	{
		/** ADD ALL SECURE ROUTES INSIDE THIS GROUP **/
		Route::get('/', function()
		{
			//
		});

		Route::get('test',function()
		{
			//
		});
	});

	/** OTHER PAGES THAT SHOULD NOT BE SECURE **/

Config

Config Files

In order to edit the default configuration for this package you may execute:

php artisan vendor:publish --provider="Angecode\LaravelForceHttps\LaravelForceHttpsServiceProvider"

After that, config/laravelforcehttps.php will be created. Inside this file you will find all the fields that can be edited in this package.

Since you will typically need to overwrite the assets every time the package is updated, you may use the --force flag:


php artisan vendor:publish --provider="Angecode\LaravelForceHttps\LaravelForceHttpsServiceProvider" --force

Laravel force https Amazon support

If you find yourself behind some sort of proxy - like a load balancer - then certain header information may be sent to you using special X-Forwarded-* headers or the Forwarded header. For example, the Host HTTP header is usually used to return the requested host. But when you're behind a proxy, the actual host may be stored in an X-Forwarded-Host header.

Since HTTP headers can be spoofed, Laravel does not trust these proxy headers by default. If you are behind a proxy, you should manually whitelist your proxy as like follows:

// config/laravelforcehttps.php

...
    'set_trusted_proxies' => [
        'use_self_client_ip' => true,
        'ips' => [
            '192.0.0.1',
            '10.0.0.0/8',
        ]
    ]
...

Changelog

View changelog here -> changelog

License

Laravel Force Https is an open-sourced laravel package licensed under the MIT license