Laravel 5 - redirect to HTTPS

for laravel 5.4 use this format to get https redirection instead of .htaccess

 namespace App\Providers; use Illuminate\Support\Facades\URL; use Illuminate\Support\ServiceProvider; class AppServiceProvider extends ServiceProvider { public function boot() { URL::forceScheme('https'); } } 

As in manix, but in one place. Medium Push HTTPS Software

 namespace App\Http\Middleware; use Closure; use Illuminate\Http\Request; class ForceHttps { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { if (!app()->environment('local')) { // for Proxies Request::setTrustedProxies([$request->getClientIp()]); if (!$request->isSecure()) { return redirect()->secure($request->getRequestUri()); } } return $next($request); } } 

This is for Larave 5.2.x and higher. If you want to be able to serve some content over HTTPS and another over HTTP, here is a solution that worked for me. You may wonder why someone wants to serve only some content via HTTPS? Why not serve everything over HTTPS?

Although serving the entire site via HTTPS is quite normal, interrupting everything over HTTPS has additional costs on your server. Remember that encryption is not cheap. Slight overhead also affects the response time of your application. You can argue that the hardware is cheap and the impact is negligible, but I digress :) I do not like the idea of ​​showing on large pages with images, etc. Via https. So there you go. This is similar to what others offer above using middleware, but it is a complete solution that allows you to switch between HTTP / HTTPS.

Create middleware first.

 php artisan make:middleware ForceSSL 

Here's what your middleware should look like.

 <?php namespace App\Http\Middleware; use Closure; class ForceSSL { public function handle($request, Closure $next) { if (!$request->secure()) { return redirect()->secure($request->getRequestUri()); } return $next($request); } } 

Please note that I do not filter based on the environment, because I have HTTPS settings for both the local developer and production, so there is no need.

Add the following to your routeMiddleware \ App \ Http \ Kernel.php so that you can choose which route group should use SSL.

  protected $routeMiddleware = [ 'auth' => \App\Http\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'forceSSL' => \App\Http\Middleware\ForceSSL::class, ]; 

Next, I would like to provide two main groups of login / registration, etc. And everything else is behind Auth middleware.

 Route::group(array('middleware' => 'forceSSL'), function() { /*user auth*/ Route::get('login', 'AuthController@showLogin'); Route::post('login', 'AuthController@doLogin'); // Password reset routes... Route::get('password/reset/{token}', 'Auth\PasswordController@getReset'); Route::post('password/reset', 'Auth\PasswordController@postReset'); //other routes like signup etc }); Route::group(['middleware' => ['auth','forceSSL']], function() { Route::get('dashboard', function(){ return view('app.dashboard'); }); Route::get('logout', 'AuthController@doLogout'); //other routes for your application }); 

Make sure your middleware is correctly applied to your routes from the console.

 php artisan route:list 

You have now protected all forms or confidential areas of your application. The key now is to use the view template to define secure and public (non-https) links.

Based on the above example, you would make your protected links as follows:

 <a href="{{secure_url('/login')}}">Login</a> <a href="{{secure_url('/signup')}}">SignUp</a> 

Unprotected links can be represented as

 <a href="{{url('/aboutus',[],false)}}">About US</a></li> <a href="{{url('/promotion',[],false)}}">Get the deal now!</a></li> 

This makes the full url such as https: // yourhost / login and http: // yourhost / aboutus

If you have not provided a fully qualified URL with http and use the relative URL of the link ('/ aboutus'), then https will be saved after the user visits the protected site.

Hope this helps!

How about using a .htaccess file to redirect https? This should be placed in the root of the project (not in the shared folder). Your server must be configured to point to the project root directory.

 <IfModule mod_rewrite.c> RewriteEngine On # Force SSL RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Remove public folder form URL RewriteRule ^(.*)$ public/$1 [L] </IfModule> 

I use this for laravel 5.4 (the latest version for writing this answer), but it should continue to work for function versions, even if laravel modifies or removes some functions.

You can use RewriteRule to force ssl in the same .htaccess folder with your index.php
Please add how to attach the image, add it before all the rules are different

in IndexController.php put

 public function getIndex(Request $request) { if ($request->server('HTTP_X_FORWARDED_PROTO') == 'http') { return redirect('/'); } return view('index'); } 

in the AppServiceProvider.php application

 public function boot() { \URL::forceSchema('https'); 

}

In AppServiceProvider.php, each redirect will go to the https URL and for the HTTP request that we need, as soon as the redirection is therefore in IndexController.php We just need to do the redirection once

The answers above did not help me, but it seems that Denise Turan rewrote .htaccess in a way that works with the Heroku download platform: https://www.jcore.com/2017/01/29/force-https-on-heroku-using -htaccess /

 RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

Here's how to do it on Heroku

To force SSL on your speakers, but not locally, add at the end of your .htaccess to public /:

 # Force https on heroku... # Important fact: X-forwarded-Proto will exist at your heroku dyno but wont locally. # Hence we want: "if x-forwarded exists && if its not https, then rewrite it": RewriteCond %{HTTP:X-Forwarded-Proto} . RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

You can check this on your local machine with:

 curl -H"X-Forwarded-Proto: http" http://your-local-sitename-here 

This sets the X-forwarded heading to the form that it will take on the hero.

those. he imitates as heroku dictates, he sees a request.

You will receive a response on your local computer:

 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="https://tm3.localhost:8080/">here</a>.</p> </body></html> 

This is a redirect. This is what the hero is about to return to the client if you install .htaccess as described above. But this does not happen on your local machine, because X-forwarded will not be installed (we faked it with the curl above to see what happens).

For Laravel 5.6, I had to change the state a bit to make it work.

from:

 if (!$request->secure() && env('APP_ENV') === 'prod') { return redirect()->secure($request->getRequestUri()); } 

In order to:

 if (empty($_SERVER['HTTPS']) && env('APP_ENV') === 'prod') { return redirect()->secure($request->getRequestUri()); } 

It worked for me. I created my own PHP code to redirect it to https. Just include this code in header.php

 <?php if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { $protocol = 'https://'; } else { $protocol = 'http://'; } $notssl = 'http://'; if($protocol==$notssl){ $url = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";?> <script> window.location.href ='<?php echo $url?>'; </script> <?php } ?> 

If you use CloudFlare, you can simply create a page rule to always use HTTPS: This redirects each http: // request to https: //

In addition to this, you should also add something like this to the \ app \ Providers \ AppServiceProvider.php boot () function:

 if (env('APP_ENV') === 'production' || env('APP_ENV') === 'dev') { \URL::forceScheme('https'); } 

This ensures that every link / path in your application uses https: // instead of http: //.

I am adding this alternative as I suffer a lot from this problem. I tried everything differently and nothing worked. So, I came up with a workaround for this. It may not be the best solution, but it really works -

FYI, I am using Laravel 5.6

 if (App::environment('production')) { URL::forceScheme('https'); } 

production <- It should be replaced by the value of APP_ENV in your .ENV file

I use the following middleware in Laravel 5.6.28:

 namespace App\Http\Middleware; use App\Models\Unit; use Closure; use Illuminate\Http\Request; class HttpsProtocol { public function handle($request, Closure $next) { $request->setTrustedProxies([$request->getClientIp()], Request::HEADER_X_FORWARDED_ALL); if (!$request->secure() && env('APP_ENV') === 'prod') { return redirect()->secure($request->getRequestUri()); } return $next($request); } } 

A slightly different approach tested in Laravel 5.7

 <?php namespace App\Http\Middleware; use Closure; class ForceHttps { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $app_url = env('APP_URL'); if ( !$request->secure() && substr($app_url, 0, 8) === 'https://' ) { return redirect()->secure($request->getRequestUri()); } return $next($request); } }