Laravel: how to force HTTPS?
Solution 1
You need adding this to your .htaccess
file:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://YOURWEBSITEDOMAIN/$1 [R,L]
See this: http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file
Solution 2
Try adding this code in your .htaccess file.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Solution 3
When you want to Render all URLs with https the simplest method is to
use the code below in the boot()
function of app/Providers/AppServiceProvider.php
:
\URL::forceScheme('https');
Solution 4
Change your domain in .htaccess by:
RewriteCond %{HTTP_HOST} mydomain.com [NC]
RewriteRule ^(.*)$ https://mydomain/$1 [R,L]
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Added to Force HTTPS
RewriteCond %{HTTP_HOST} mydomain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mydomain/$1 [R,L]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
Solution 5
Add this to the boot method in AppServiceProvider
if($this->app->environment('production'))
{
$this->app['request']->server->set('HTTPS','on');
}
realtebo
italian programmer with a lot of experience in - php [Laravel, Yii Framework] - sql - .NET (C# and VB) - javascript [VueJs, jQuery] Base knowledge of Android and Windows Apps developing
Updated on July 07, 2021Comments
-
realtebo almost 3 years
I'm starting to develop a new big app, and I'm using Laravel this time, and it's the first time.
I need to force HTTPS for all pages, it's not important if from code or by .htaccess, but I'm not able to find a simple tutorial.
The official docs dosn't speak about this problem.
For info, my acutal .htaccess is
<IfModule mod_rewrite.c> <IfModule mod_negotiation.c> Options -MultiViews </IfModule> RewriteEngine On # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] # Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </IfModule>
My question is specific to Laravel 5, because I ve no idea on where and how modify this .htaccess file. And also I'am asking you if this is the right way for Laravel or if Laravel has something specific to setup to handle HTTPs.
So please do not close my question and try to be more adherent to the Laravel specific topic.
If you can post a simple way to modify this file AND/OR What to modify in Laravel config to properly handle https.
But in short yes, I want to force every call to transit on HTTPS.
-
realtebo almost 7 yearsSorry but I want something specific for Laravel setup.
-
realtebo almost 7 yearsWhere? And Laravel doesn't it need some specific config?
-
realtebo almost 7 yearsWhere? And does Laravel need some specific config?
-
Bhaumik Pandhi almost 7 yearsYou need to add it in .htaccess file, no Laravel don't need specific config.
-
realtebo almost 7 yearsWith "Where ?" I mean: in which point of my .htaccess? And also, could is it better your code or the one of the answer of Pandhi Bhaumik?
-
realtebo almost 7 yearsalso: is it better your code or the code from the answer of Mortadda Jafar?
-
Mortada Jafar almost 7 years@realtebo before last tag it's mean : (</IfModule>) and i used this code for my site
-
Magige Daniel about 6 yearsGreat answer! sorted me like a charm
-
Frank Yucheng Gu about 4 yearsWhat exactly are you trying to fix/achieve? What is this configuration for?
-
MrWhite over 3 yearsThe last
RewriteRule
directive is malformed and cannot possibly work as intended (it will trigger a 500 error due to incorrect flags). The directives are also in the wrong order. -
MrWhite over 3 yearsYou would only use these directives if you are behind an SSL proxy - this is not mentioned in the question.
-
MrWhite over 3 years"before last tag it's mean : (
</IfModule>
)" - This is incorrect. If you put this rule at the end, "before the last tag", it will only get processed for requests to static resources. Your URLs that get routed through Laravel won't be redirected. This rule needs to go near the top of the file (logically, after theRewriteEngine On
directive). -
MrWhite over 3 years@realtebo This is arguably the better solution, although you probably won't notice any difference, except that the other code uses a 302 (temporary) redirect, as opposed to a 301 (permanent) redirect. An HTTP to HTTPS redirect should be a 301. This code uses a more efficient regex and does not reply on a capturing backreference to the
RewriteRule
pattern, so will work without alteration in more situations (other directories, server config, etc.). It also redirects to the same hostname - a requirement if implementing HSTS - but could result in an unnecessary additional redirect if not. -
trainoasis about 3 yearsThis does not force https, one can still visit on http:// ...
-
trainoasis about 3 yearsNothing changed when this was added.. (laravel 8)
-
shazim ali over 2 yearsNot work for me
-
Amitesh Bharti over 2 years@shazimali in the latest version this may be got change, try this robindirksen.com/blog/…