Redirect http to https in laravel 5.2
Solution 1
Your HTTP to HTTPS redirect needs to go near the top of your .htaccess
file, immediately after the RewriteEngine
directive and, importantly, before the Laravel front controller.
As a general rule, external redirects should always go before internal rewrites.
The front controller catches all requests (or rather requests that don't map to a physical file or directory) and rewrites these to index.php
(that ultimately handles the routeing). The problem is that your HTTP to HTTPS redirect occurs later and converts the now rewritten URL into an external redirect to index.php
.
Likewise, your # Handle Authorization Header
block should also go before the front controller (ideally). (It will work in its current state, in per-directory .htaccess
files, due to the looping nature of .htaccess
files, but if you moved these directives to the server config it would fail.)
Solution 2
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Add the above two lines just below RewriteEngine On
in your .htaccess
file. It will automatically redirect any traffic destined for http: to https:
Finally, your .htaccess file will look like the following
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Redirect to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Juan Lopez
Updated on June 04, 2022Comments
-
Juan Lopez almost 2 years
I have a Laravel 5.2 project. Recently, I installed an SSL certificate on my website so when I type
https://example.com
in the browser it works but when I writeexample.com
, it connects by HTTP.To fix that, I added these lines to my
.htaccess
file:RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
After that, when I type
example.com
, the browser redirects me tohttps://example.com
. That's perfect.The problem is when I try to access the URL
http://example.com/download/get/book/volume2
, it doesn't redirect me to HTTPS. It redirects me to the index page. If I add thes
ofhttps
in the URL it works fine but I need the app to redirect me from HTTP to HTTPS.The route in routes file:
Route::get('download/get/book/{book}'
That route opens a PDF file that I have in
privates/storage
folder in the browser's tab.EDIT:
My .htaccess file:
<IfModule mod_rewrite.c> <IfModule mod_negotiation.c> Options -MultiViews </IfModule> RewriteEngine On # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] # Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # require SSL RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
-
Juan Lopez almost 7 yearsThanks for your aswer. I made the changes you said but it still doesn't work.
-
MrWhite almost 7 yearsMake sure you clear your browser cache before testing. The earlier (erroneous) 301s will have been cached by the browser. (It is often preferable to test with 302s for this reason - to avoid the cache.)
-
Sundar almost 4 yearsThis solution is working for me. # Redirect to https RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
-
Loganathan Natarajan over 3 yearsit worked to me fine in my shared hosting server
-
MrWhite over 2 yearsThis doesn't add anything that the existing answer does not already address. In fact, the subtle changes you've made to the HTTP to HTTPS directive are incorrect. For some reason, you've changed the 301 (permanent) redirect to an implied 302 (temporary) redirect. This is fine for testing, but the redirect should be a 301 in production. You've also changed the
RewriteRule
pattern from^
to(.*)
- why?^
is much more efficient here. The regex(.*)
unnecessarily traverses the entire URL-path and captures a backreference, which is not being used in the directive.