Force SSL Secure Routes in Laravel 5.2

Published 1 year ago by stargatesg1

I was looking for information on how to make all my routes redirect to SSL. I came across the following.
http://www.jeffmould.com/2016/01/31/laravel-5-2-forcing-https-routes-when-using-ssl/

It will redirect the site to SSL but none of the routes seem to work.

stargatesg1

I tried creating a Middleware class

namespace App\Http\Middleware;

use Closure;

class HttpsProtocol {

    public function handle($request, Closure $next)
    {
            if (!$request->secure() && env('APP_ENV') === 'prod') {
                return redirect()->secure($request->getRequestUri());
            }

            return $next($request); 
    }
}

Then in kernal.php added

protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',

    // appending custom middleware 
    'MyApp\Http\Middleware\HttpsProtocol'       

];

But still didn't work. I found this on stackoverflow

http://stackoverflow.com/questions/28402726/laravel-5-redirect-to-https

When I go to any route it keeps coming up with 404 error. But Laravel is working because it redirects to /login when I access the root of the site.

fyfey
fyfey
1 year ago (8,310 XP)

It worked for me, have you got it working?

dilinator

A very simple solution that works perfectly for me, thanks!

FYI it's spelt 'Kernel.php', not sure if that is contributing to your errors. Also did you invoke the middleware either on the route declaration or in the constructor to the controller?

felipemarques

In AppServiceProvider put this in boot method:

\URL::forceSchema('https');

moka
moka
1 year ago (2,140 XP)

You want to do this at the web server level using 301 redirects from http:// to https://

Search engines will unindex the http links.

shzlot
FNGR2911

@felipemarques I alway get "[BadMethodCallException] Method forceSchema does not exist." if I try to start the server via artisan serve or when I try to deploy to heroku.

The middleware solutions tells me to many redirects on heroku...

Any other ideas?

EDIT://

okay, I found a nice working, easy and clean solution for laravel > 5.3 here: https://www.codecourse.com/forum/topics/force-ssl-laravel-andor-heroku

In your AppServiceProvider in the register method add:

if (env('APP_ENV') === 'production') {
        $this->app['request']->server->set('HTTPS', true);
}

works fine for me on heroku!

EDIT2:// okay, figured out the problem with "\URL::forceSchema('https');". In Laravel 5.4 the method is called "\URL::forceScheme('https');"

stwilson

Laravel 5.4:

namespace App\Providers;

use Illuminate\Support\Facades\URL;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot()
    {
        URL::forceScheme('https');
    }
ganganimaulik

Just do it with .htaccess file

http://stackoverflow.com/a/42870336/4004188

veloace

I would caution using the .htaccess file. I'm not sure that would work in, for example, an Elastic Beanstalk environment, where you have a load balancer that communicates on HTTPS with the public, but HTTP between the balancer and servers.

AucT
AucT
2 weeks ago (2,600 XP)

@FNGR2911 thanks. That worked. but better

if (config('app.env') === 'production') { $this->app['request']->server->set('HTTPS', true); }

aotar
aotar
1 week ago (4,910 XP)

Sometimes I get err_spdy_protocol_error when enabling HTTPS this way. Anyone know why?

kifabzar

use this in htaccess

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

دریل هیوندای

Sign In or create a forum account to participate in this discussion.