How to Force Laravel Project to Use Https for All Routes

How to force Laravel Project to use HTTPS for all routes?

You can set 'url' => 'https://youDomain.com' in config/app.php or you could use a middleware class Laravel 5 - redirect to HTTPS.

Laravel 5 - redirect to HTTPS

You can make it works with a Middleware class. Let me give you an idea.

namespace MyApp\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\App;

class HttpsProtocol {

    public function handle($request, Closure $next)
    {
            if (!$request->secure() && App::environment() === 'production') {
                return redirect()->secure($request->getRequestUri());
            }

            return $next($request); 
    }
}

Then, apply this middleware to every request adding setting the rule at Kernel.php file, like so:

protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',

    // appending custom middleware 
    'MyApp\Http\Middleware\HttpsProtocol'       

];

At sample above, the middleware will redirect every request to https if:

1. The current request comes with no secure protocol (http)
2. If your environment is equals to production. So, just adjust the settings according to your preferences.

Cloudflare

I am using this code in production environment with a WildCard SSL and the code works correctly. If I remove && App::environment() === 'production' and test it in localhost, the redirection also works. So, having or not a installed SSL is not the problem. Looks like you need to keep a very hard attention to your Cloudflare layer in order to get redirected to Https protocol.

Edit 23/03/2015

Thanks to @Adam Link's suggestion: it is likely caused by the headers that Cloudflare is passing. CloudFlare likely hits your server via HTTP and passes a X-Forwarded-Proto header that declares it is forwarding a HTTPS request. You need add another line in your Middleware that say...

$request->setTrustedProxies( [ $request->getClientIp() ] ); 

...to trust the headers CloudFlare is sending. This will stop the redirect loop

Edit 27/09/2016 - Laravel v5.3

Just need to add the middleware class into web group in kernel.php file:

protected $middlewareGroups = [
    'web' => [
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,

        // here
        \MyApp\Http\Middleware\HttpsProtocol::class

    ],
];

Remember that web group is applied to every route by default, so you do not need to set web explicitly in routes nor controllers.

Edit 23/08/2018 - Laravel v5.7

• To redirect a request depending the environment you can use App::environment() === 'production'. For previous version was
  env('APP_ENV') === 'production'.
• Using \URL::forceScheme('https'); actually does not redirect. It just builds links with https:// once the website is rendered.

Laravel Use HTTPS

There are few things you need to make sure working :

1. Is your route working in standard HTTP mode without index.php in url. Like sometimes laravel.com/aboutus does no work but laravel.com/index.php/aboutus works. If its the case, you need to enable mod_rewrites in php and then add AllowOverride All in your virtualhost configurations and restart apache.
2. Coming to HTTPS, what you have setup in laravel will make laravel request forwarded to a secure HTTPS url. However, your server must be able listen, handle and respond to HTTPS request.
3. You need to enable yoru virtualhost to listen to port 443 which is the SSL port. Also, if you have SSL certificates, those need to be configured as well.
4. Before knowing if laravel works on HTTPS, make a simple php file and try to access it using HTTPS of the server url. If that works then you can check whats wrong in laravel. If that does not, then SSL is no configured correctly on your server.
5. Lastly, check .htaccess rewrite conditions.
6. php artisan config:clear and php artisan route:cache

Hope this helps to debug this

Laravel generate secure https URL from route

Actually turns out, that laravel doesn't care if url is secure or not, because it generates based on the current url. If you're on https page, route() will return secure url. If on http, then http:// url

The problem was, that Laravel didn't detect that https was enabled, which was due to faulty server configuration.

You can check if Laravel sees the current connection as https by calling Request::isSecure();

Laravel: how to generate https url

There is helper function secure_url(). The secure_url function generates a fully qualified HTTPS URL to the given path for e.g

$url = secure_url('user/profile');

Laravel: how to force HTTPS?

You need adding this to your .htaccess file:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://YOURWEBSITEDOMAIN/$1 [R,L]

See this:
http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

---

Related Topics