Is there any particular reason you don't want the whole site secure?
You could set up 301 redirects to https for the two specific routes in question, in the webserver config, and back to http for any other routes.. those rewrite rules might be a little bit complex though, and if you decide to add more routes to the list of secure routes in the future you'll need to adjust.
Or you could create some middleware to do it:
<?php
namespace App\Http\Middleware;
use Closure;
class ForceSSL
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->secure() && env('APP_ENV') == 'production') {
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
}
Add that middleware to the routes you need secured, and it'll handle the redirect. You'd probably also need to create one to redirect back to unsecured for other routes, and may need to (at least for testing purposes) exclude the second condition of the if statement so it works in other environments than just production. Obviously your server, in whatever environment, will need to be configured to accept https connections.