Laravel 5 - redirect to HTTPS

Question

Working on my first Laravel 5 project and not sure where or how to place logic to force HTTPS on my app  The clincher here is that there are many domains pointing to the app and only two out of three use SSL  the third is a fallback domain  long story   So I d like to handle this in my app s logic rather than  htaccess   In Laravel 4 2 I accomplished the redirect with this code  located in filters php   App  before function  request        if    Request  secure                  return Redirect  secure Request  path                 I m thinking Middleware is where something like this should be implemented but I cannot quite figure this out using it   Thanks   UPDATE  If you are using Cloudflare like I am  this is accomplished by adding a new Page Rule in your control panel

User · Answer

for laravel 5 4 use this format to get https redirect instead of  htaccess  namespace App Providers   use Illuminate Support Facades URL  use Illuminate Support ServiceProvider   class AppServiceProvider extends ServiceProvider       public function boot                 URL  forceScheme  https

User · Answer

You can use RewriteRule to force ssl in  htaccess same folder with your index php Please add as picture attach  add it before all rule others

User · Answer

In Laravel 5 1  I used  File  app Providers AppServiceProvider php public function boot         if   this- gt isSecure               URL  forceSchema  https             public function isSecure          isSecure   false      if  isset   SERVER  HTTPS     amp  amp    SERVER  HTTPS       on              isSecure   true        elseif   empty   SERVER  HTTP X FORWARDED PROTO     amp  amp    SERVER  HTTP X FORWARDED PROTO       https      empty   SERVER  HTTP X FORWARDED SSL     amp  amp    SERVER  HTTP X FORWARDED SSL       on              isSecure   true             return  isSecure     NOTE  use forceSchema  NOT forceScheme

User · Answer

You can make it works with a Middleware class  Let me give you an idea   namespace MyApp Http Middleware   use Closure  use Illuminate Support Facades App   class HttpsProtocol        public function handle  request  Closure  next                    if    request- gt secure    amp  amp  App  environment        production                     return redirect  - gt secure  request- gt getRequestUri                                return  next  request              Then  apply this middleware to every request adding setting the rule at Kernel php file  like so   protected  middleware          Illuminate Foundation Http Middleware CheckForMaintenanceMode        Illuminate Cookie Middleware EncryptCookies        Illuminate Cookie Middleware AddQueuedCookiesToResponse        Illuminate Session Middleware StartSession        Illuminate View Middleware ShareErrorsFromSession           appending custom middleware       MyApp Http Middleware HttpsProtocol               At sample above  the middleware will redirect every request to https if    The current request comes with no secure protocol  http  If your environment is equals to production  So  just adjust the settings according to your preferences     Cloudflare  I am using this code in production environment with a WildCard SSL and the code works correctly  If  I remove  amp  amp  App  environment        production  and test it in localhost  the redirection also works  So  having or not a installed SSL is not the problem  Looks like you need to keep a very hard attention to your Cloudflare layer in order to get redirected to Https protocol   Edit 23 03 2015  Thanks to  Adam Link s suggestion  it is likely caused by the headers that Cloudflare is passing  CloudFlare likely hits your server via HTTP and passes a X-Forwarded-Proto header that declares it is forwarding a HTTPS request  You need add another line in your Middleware that say      request- gt setTrustedProxies     request- gt getClientIp              to trust the headers CloudFlare is sending  This will stop the redirect loop  Edit 27 09 2016 - Laravel v5 3  Just need to add the middleware class into web group in kernel php file   protected  middlewareGroups          web    gt             Illuminate Cookie Middleware AddQueuedCookiesToResponse  class           Illuminate Session Middleware StartSession  class           Illuminate View Middleware ShareErrorsFromSession  class              here          MyApp Http Middleware HttpsProtocol  class                 Remember that web group is applied to every route by default  so you do not need to set web explicitly in routes nor controllers    Edit 23 08 2018 - Laravel v5 7   To redirect a request depending the environment you can use App  environment        production   For previous version was env  APP ENV        production   Using  URL  forceScheme  https    actually does not redirect  It just builds links with https    once the website is rendered

User · Answer

Alternatively  If you are using Apache then you can use  htaccess file to enforce your URLs to use https prefix  On Laravel 5 4  I added the following lines to my  htaccess file and it worked for me   RewriteEngine On  RewriteCond   HTTPS   on RewriteRule      https     HTTP HOST   REQUEST URI   L R 301

User · Answer

A little different approach  tested in Laravel 5 7   lt  php  namespace App Http Middleware   use Closure  use Illuminate Support Str   class ForceHttps                  Handle an incoming request                 param   Illuminate Http Request   request         param   Closure   next         return mixed             public function handle  request  Closure  next                    if     request- gt secure    amp  amp  Str  startsWith config  app url     https                      return redirect  - gt secure  request- gt getRequestUri                       return  next  request             PS  Code updated based on  matthias-lill s comments

User · Answer

If you re using CloudFlare  you can just create a Page Rule to always use HTTPS   This will redirect every http    request to https     In addition to that  you would also have to add something like this to your  app Providers AppServiceProvider php boot   function   if  env  APP ENV        production     env  APP ENV        dev           URL  forceScheme  https        This would ensure that every link   path in your app is using https    instead of http

User · Answer

The answers above didn t work for me  but it appears that Deniz Turan rewrote the  htaccess in a way that works with Heroku s load balancer here  https   www jcore com 2017 01 29 force-https-on-heroku-using-htaccess   RewriteEngine On RewriteCond   HTTPS    on RewriteRule   https     HTTP HOST   REQUEST URI   L R 301

User · Answer

What about just using  htaccess file to achieve https redirect  This should be placed in project root  not in public folder   Your server needs to be configured to point at project root directory     lt IfModule mod rewrite c gt     RewriteEngine On      Force SSL    RewriteCond   HTTPS    on    RewriteRule   https     HTTP HOST   REQUEST URI   L R 301       Remove public folder form URL    RewriteRule        public  1  L   lt  IfModule gt    I use this for laravel 5 4  latest version as of writing this answer  but it should continue to work for feature versions even if laravel change or removes some functionality

User · Answer

An other option that worked for me  in AppServiceProvider place this code in the boot method    URL  forceScheme  https      The function written before forceSchema  https   was wrong  its forceScheme

User · Answer

For Laravel 5 6  I had to change condition a little to make it work   from   if    request- gt secure    amp  amp  env  APP ENV        prod     return redirect  - gt secure  request- gt getRequestUri         To    if  empty   SERVER  HTTPS     amp  amp  env  APP ENV        prod     return redirect  - gt secure  request- gt getRequestUri

User · Answer

Similar to manix s answer but in one place  Middleware to force HTTPS namespace App Http Middleware   use Closure   use Illuminate Http Request   class ForceHttps                  Handle an incoming request                 param   Illuminate Http Request  request         param   Closure  next         return mixed             public function handle  request  Closure  next                if   app  - gt environment  local                     for Proxies             Request  setTrustedProxies   request- gt getClientIp                      Request  HEADER X FORWARDED ALL                if    request- gt isSecure                      return redirect  - gt secure  request- gt getRequestUri                                      return  next  request

User · Answer

in IndexController php put  public function getIndex Request  request        if   request- gt server  HTTP X FORWARDED PROTO       http              return redirect                  return view  index        in AppServiceProvider php put  public function boot          URL  forceSchema  https         In AppServiceProvider php every redirect will be go to url https and for http request we need once redirect so in IndexController php Just we need do once redirect

User · Answer

This worked out for me  I made a custom php code to force redirect it to https  Just include this code on the header php   lt  php if  isset   SERVER  HTTPS     amp  amp         SERVER  HTTPS       on       SERVER  HTTPS      1         isset   SERVER  HTTP X FORWARDED PROTO     amp  amp        SERVER  HTTP X FORWARDED PROTO       https        protocol    https        else      protocol    http         notssl    http      if  protocol   notssl        url    https     SERVER HTTP HOST   SERVER REQUEST URI     gt       lt script gt       window location href    lt  php echo  url  gt         lt  script gt     lt  php     gt

User · Answer

The easiest way would be at the application level  In the file   app Providers AppServiceProvider php   add the following   use Illuminate Support Facades URL    and in the boot   method add the following    this- gt app  request  - gt server- gt set  HTTPS   true   URL  forceScheme  https      This should redirect all request to https at the application level     Note  this has been tested with laravel 5 5 LTS

User · Answer

This is for Larave 5 2 x and greater  If you want to have an option to serve some content over HTTPS and others over HTTP here is a solution that worked for me  You may wonder  why would someone want to serve only some content over HTTPS  Why not serve everything over HTTPS    Although  it s totally fine to serve the whole site over HTTPS  severing everything over HTTPS has an additional overhead on your server  Remember encryption doesn t come cheap  The slight overhead also has an impact on your app response time  You could argue that commodity hardware is cheap and the impact is negligible but I digress    I don t like the idea of serving marketing content big pages with images etc over https  So here it goes  It s similar to what others have suggest above using middleware but it s a full solution that allows you to toggle back and forth between HTTP HTTPS   First create a middleware    php artisan make middleware ForceSSL   This is what your middleware should look like     lt  php  namespace App Http Middleware   use Closure   class ForceSSL        public function handle  request  Closure  next                 if    request- gt secure                  return redirect  - gt secure  request- gt getRequestUri                        return  next  request             Note that I m not filtering based on environment because I have HTTPS setup for both local dev and production so there is not need to    Add the following to your routeMiddleware  App Http Kernel php so that you can pick and choose which route group should force SSL       protected  routeMiddleware          auth    gt   App Http Middleware Authenticate  class       auth basic    gt   Illuminate Auth Middleware AuthenticateWithBasicAuth  class       can    gt   Illuminate Foundation Http Middleware Authorize  class       guest    gt   App Http Middleware RedirectIfAuthenticated  class       throttle    gt   Illuminate Routing Middleware ThrottleRequests  class       forceSSL    gt   App Http Middleware ForceSSL  class       Next  I d like to secure two basic groups login signup etc and everything else behind Auth middleware   Route  group array  middleware    gt   forceSSL    function       user auth   Route  get  login    AuthController showLogin    Route  post  login    AuthController doLogin        Password reset routes    Route  get  password reset  token     Auth PasswordController getReset    Route  post  password reset    Auth PasswordController postReset       other routes like signup etc        Route  group   middleware    gt    auth   forceSSL     function      Route  get  dashboard   function        return view  app dashboard        Route  get  logout    AuthController doLogout       other routes for your application       Confirm that your middlewares are applied to your routes properly from console   php artisan route list   Now you have secured all the forms or sensitive areas of your application  the key now is to use your view template to define your secure and public  non https  links    Based on the example above you would render your secure links as follows -    lt a href    secure url   login      gt Login lt  a gt   lt a href    secure url   signup      gt SignUp lt  a gt    Non secure links can be rendered as    lt a href    url   aboutus     false     gt About US lt  a gt  lt  li gt   lt a href    url   promotion     false     gt Get the deal now  lt  a gt  lt  li gt    What this does is renders a fully qualified URL such as https   yourhost login  and http   yourhost aboutus  If you were not render fully qualified URL with http and use a relative link url   aboutus   then https would persists after a user visits a secure site   Hope this helps

User · Answer

You can simple go to app - gt  Providers - gt  AppServiceProvider php add two lines use Illuminate Support Facades URL  URL  forceScheme  https    as shows in the following codes  use Illuminate Support Facades URL   class AppServiceProvider extends ServiceProvider      public function boot                 URL  forceScheme  https               any other codes here  does not matter

User · Answer

I found out that this worked for me  First copy this code in the  htaccess file   lt IfModule mod rewrite c gt  RewriteEngine On RewriteCond   SERVER PORT    443  RewriteRule        https     HTTP HOST   REQUEST URI   L R 301   lt  IfModule gt

User · Answer

This work for me in Laravel 7 x in 3 simple steps using a middleware   1  Generate the middleware with command php artisan make middleware ForceSSL  Middleware   lt  php  namespace App Http Middleware   use Closure  use Illuminate Support Facades App   class ForceSSL       public function handle  request  Closure  next                if    request- gt secure    amp  amp  App  environment        production                 return redirect  - gt secure  request- gt getRequestUri                        return  next  request             2  Register the middleware in routeMiddleware inside Kernel file  Kernel  protected  routeMiddleware                    ssl    gt   App Http Middleware ForceSSL  class       3  Use it in your routes  Routes  Route  middleware  ssl  - gt group function            All your routes here        here the full documentation about middlewares                             HTACCESS Method  If you prefer to use an  htaccess file  you can use the following code    lt IfModule mod rewrite c gt      RewriteEngine On      RewriteCond   SERVER PORT  80      RewriteRule        https   yourdomain com  1  R L   lt  IfModule gt    Regards

User · Answer

I am using in Laravel 5 6 28 next middleware   namespace App Http Middleware   use App Models Unit  use Closure  use Illuminate Http Request   class HttpsProtocol       public function handle  request  Closure  next                 request- gt setTrustedProxies   request- gt getClientIp     Request  HEADER X FORWARDED ALL            if    request- gt secure    amp  amp  env  APP ENV        prod                 return redirect  - gt secure  request- gt getRequestUri                        return  next  request

User · Answer

Here s how to do it on Heroku  To force SSL on your dynos but not locally  add to end of your  htaccess in public      Force https on heroku      Important fact  X-forwarded-Proto will exist at your heroku dyno but wont locally    Hence we want   if x-forwarded exists  amp  amp  if its not https  then rewrite it   RewriteCond   HTTP X-Forwarded-Proto    RewriteCond   HTTP X-Forwarded-Proto   https RewriteRule   https     HTTP HOST   REQUEST URI   L R 301    You can test this out on your local machine with   curl -H X-Forwarded-Proto  http  http   your-local-sitename-here   That sets the header X-forwarded to the form it will take on heroku   i e  it simulates how a heroku dyno will see a request   You ll get this response on your local machine    lt  DOCTYPE HTML PUBLIC  -  IETF  DTD HTML 2 0  EN  gt   lt html gt  lt head gt   lt title gt 301 Moved Permanently lt  title gt   lt  head gt  lt body gt   lt h1 gt Moved Permanently lt  h1 gt   lt p gt The document has moved  lt a href  https   tm3 localhost 8080   gt here lt  a gt   lt  p gt   lt  body gt  lt  html gt    That is a redirect  That is what heroku is going to give back to a client if you set the  htaccess as above   But it doesn t happen on your local machine because X-forwarded won t be set  we faked it with curl above to see what was happening

User · Answer

The easiest way to redirect to HTTPS with Laravel is by using  htaccess so all you have to do is add the following lines to your  htaccess file and you are good to go  RewriteEngine On RewriteCond   HTTPS    on RewriteRule   https     HTTP HOST   REQUEST URI   L R 301   Make sure you add it before the existing  default  code found in the  htaccess file  else HTTPS will not work  This is because the existing default  code already handles a redirect which redirects all traffic to the home page where the route then takes over depending on your URL so putting the code first means that  htaccess will first redirect all traffic to https before the route takes over

User · Answer

I m adding this alternative as I suffered a lot with this issue  I tried all different ways and nothing worked  So  I came up with a workaround for it  It might not be the best solution but it does work -     FYI  I am using Laravel 5 6   if  App  environment  production          URL  forceScheme  https        production  lt - It should be replaced with the APP ENV value in your  env file

[php] Laravel 5 - redirect to HTTPS

Examples related to php

Examples related to laravel

Examples related to laravel-routing

Examples related to laravel-5