Easy redirect to https for Laravel
Laravel 5.5 is released!
composer require yaroslawww/laravel-force-https
If you use laravel 5.4 and below then open config/app.php
and find the providers
key. Add LaravelForceHttpsServiceProvide
to the array.
...
Angecode\LaravelForceHttps\LaravelForceHttpsServiceProvider::class,
...
Moreover, this package includes a middleware object to redirect all "non-ssl" routes to the corresponding "ssl".
So, if a user navigates to http://url-to-laravel/test and the system has this middleware active it would redirect (301) him automatically to https://url-to-laravel/test. This is mainly used to avoid duplicate content and improve SEO performance.
To do so, you have to register the middleware in the app/Http/Kernel.php
file like this:
//app/Http/Kernel.php
/**
* The application's route middleware.
*
* @var array
*/
protected $routeMiddleware = [
/**** OTHER MIDDLEWARE ****/
'laravelForceHttps' => \Angecode\LaravelForceHttps\Middleware\LaravelForceHttpsMiddlewareRedirect::class,
// REDIRECTION MIDDLEWARE
];
// /routes/web.php
Route::group(
[
'middleware' => [ 'laravelForceHttps' ]
],
function()
{
/** ADD ALL SECURE ROUTES INSIDE THIS GROUP **/
Route::get('/', function()
{
//
});
Route::get('test',function()
{
//
});
});
/** OTHER PAGES THAT SHOULD NOT BE SECURE **/
In order to edit the default configuration for this package you may execute:
php artisan vendor:publish --provider="Angecode\LaravelForceHttps\LaravelForceHttpsServiceProvider"
After that, config/laravelforcehttps.php
will be created. Inside this file you will find all the fields that can be edited in this package.
Since you will typically need to overwrite the assets every time the package is updated, you may use the --force flag:
php artisan vendor:publish --provider="Angecode\LaravelForceHttps\LaravelForceHttpsServiceProvider" --force
If you find yourself behind some sort of proxy - like a load balancer - then certain header information may be sent to you using special X-Forwarded-* headers or the Forwarded header. For example, the Host HTTP header is usually used to return the requested host. But when you're behind a proxy, the actual host may be stored in an X-Forwarded-Host header.
Since HTTP headers can be spoofed, Laravel does not trust these proxy headers by default. If you are behind a proxy, you should manually whitelist your proxy as like follows:
// config/laravelforcehttps.php
...
'set_trusted_proxies' => [
'use_self_client_ip' => true,
'ips' => [
'192.0.0.1',
'10.0.0.0/8',
]
]
...
View changelog here -> changelog
Laravel Force Https is an open-sourced laravel package licensed under the MIT license