How to force Laravel Project to use HTTPS for all routes?
You can set 'url' => 'https://youDomain.com'
in config/app.php
or you could use a middleware class Laravel 5 - redirect to HTTPS.
Laravel 5 - redirect to HTTPS
You can make it works with a Middleware class. Let me give you an idea.
namespace MyApp\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\App;
class HttpsProtocol {
public function handle($request, Closure $next)
{
if (!$request->secure() && App::environment() === 'production') {
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
}
Then, apply this middleware to every request adding setting the rule at Kernel.php
file, like so:
protected $middleware = [
'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
'Illuminate\Cookie\Middleware\EncryptCookies',
'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
// appending custom middleware
'MyApp\Http\Middleware\HttpsProtocol'
];
At sample above, the middleware will redirect every request to https if:
- The current request comes with no secure protocol (http)
- If your environment is equals to
production
. So, just adjust the settings according to your preferences.
Cloudflare
I am using this code in production environment with a WildCard SSL and the code works correctly. If I remove && App::environment() === 'production'
and test it in localhost, the redirection also works. So, having or not a installed SSL is not the problem. Looks like you need to keep a very hard attention to your Cloudflare layer in order to get redirected to Https protocol.
Edit 23/03/2015
Thanks to @Adam Link
's suggestion: it is likely caused by the headers that Cloudflare is passing. CloudFlare likely hits your server via HTTP and passes a X-Forwarded-Proto header that declares it is forwarding a HTTPS request. You need add another line in your Middleware that say...
$request->setTrustedProxies( [ $request->getClientIp() ] );
...to trust the headers CloudFlare is sending. This will stop the redirect loop
Edit 27/09/2016 - Laravel v5.3
Just need to add the middleware class into web
group in kernel.php file
:
protected $middlewareGroups = [
'web' => [
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
// here
\MyApp\Http\Middleware\HttpsProtocol::class
],
];
Remember that
web
group is applied to every route by default, so you do not need to setweb
explicitly in routes nor controllers.
Edit 23/08/2018 - Laravel v5.7
- To redirect a request depending the environment you can use
App::environment() === 'production'
. For previous version wasenv('APP_ENV') === 'production'
. - Using
\URL::forceScheme('https');
actually does not redirect. It just builds links withhttps://
once the website is rendered.
Laravel Use HTTPS
There are few things you need to make sure working :
- Is your route working in standard HTTP mode without
index.php
in url. Like sometimes laravel.com/aboutus does no work but laravel.com/index.php/aboutus works. If its the case, you need to enablemod_rewrites
in php and then addAllowOverride All
in your virtualhost configurations and restart apache. - Coming to HTTPS, what you have setup in laravel will make laravel request forwarded to a secure HTTPS url. However, your server must be able listen, handle and respond to HTTPS request.
- You need to enable yoru virtualhost to listen to port
443
which is the SSL port. Also, if you have SSL certificates, those need to be configured as well. - Before knowing if laravel works on HTTPS, make a simple php file and try to access it using HTTPS of the server url. If that works then you can check whats wrong in laravel. If that does not, then SSL is no configured correctly on your server.
- Lastly, check
.htaccess
rewrite conditions. php artisan config:clear
andphp artisan route:cache
Hope this helps to debug this
Laravel generate secure https URL from route
Actually turns out, that laravel doesn't care if url is secure or not, because it generates based on the current url. If you're on https page, route()
will return secure url. If on http, then http://
url
The problem was, that Laravel didn't detect that https was enabled, which was due to faulty server configuration.
You can check if Laravel sees the current connection as https by calling Request::isSecure();
Laravel: how to generate https url
There is helper function secure_url()
. The secure_url
function generates a fully qualified HTTPS URL to the given path for e.g
$url = secure_url('user/profile');
Laravel: how to force HTTPS?
You need adding this to your .htaccess
file:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://YOURWEBSITEDOMAIN/$1 [R,L]
See this:
http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file
Related Topics
Syntax Error While Defining an Array as a Property of a Class
Find First Character That Is Different Between Two Strings
How to Compress/Decompress a Long Query String in PHP
Request Headers Bag Is Missing Authorization Header in Symfony 2
Download CSV File Using "Ajax"
How to Remove the Url Protocol and Slash from User Input in PHP
Laravel 5.4 Field Doesn't Have a Default Value
Fatal Error: Call to Undefined Function Imap_Open() in PHP
Is MySQL_Real_Escape_String() Necessary When Using Prepared Statements
Jquery Using Ajax to Send Data and Save in PHP
PHP Share Variable Among Different Users/Sessions
Function to Return Only Alpha-Numeric Characters from String
Passing PHP Objects to JavaScript
How to Convert Word Smart Quotes and Em Dashes in a String
Php's Preg_Match() and Preg_Match_All() Functions
PHP Debug_Backtrace in Production Code to Get Information About Calling Method