Skip to content

Latest commit

 

History

History
117 lines (89 loc) · 4.89 KB

README.md

File metadata and controls

117 lines (89 loc) · 4.89 KB
Raw

ForceHttpsModule

Latest Version Build Status Coverage Status PHPStan Downloads

Introduction

ForceHttpsModule is a configurable module for force https in your ZF2/ZF3 Mvc and ZF Expressive Application.

Features

  • Enable/disable force https.
  • Force Https to All routes.
  • Force Https to specific routes only.
  • Keep headers, request method, and request body.
  • Enable/disable HTTP Strict Transport Security Header and set its value.
  • Allow add www. prefix during redirection from http or already https.
  • Allow remove www. prefix during redirection from http or already https.

Installation

1. Require this module uses composer.

composer require samsonasik/force-https-module

2. Copy config

a. For ZF2/ZF3 Mvc application, copy force-https-module.local.php.dist config to your local's autoload and configure it

source destination
vendor/samsonasik/force-https-module/config/force-https-module.local.php.dist config/autoload/force-https-module.local.php

Or run copy command:

cp vendor/samsonasik/force-https-module/config/force-https-module.local.php.dist config/autoload/force-https-module.local.php

b. For ZF Expressive application, copy expressive-force-https-module.local.php.dist config to your local's autoload and configure it

source destination
vendor/samsonasik/force-https-module/config/expressive-force-https-module.local.php.dist config/autoload/expressive-force-https-module.local.php

Or run copy command:

cp vendor/samsonasik/force-https-module/config/expressive-force-https-module.local.php.dist config/autoload/expressive-force-https-module.local.php

When done, you can modify your local config:

<?php
// config/autoload/force-https-module.local.php or config/autoload/expressive-force-https-module.local.php
return [
    'force-https-module' => [
        'enable'                => true,
        'force_all_routes'      => true,
        'force_specific_routes' => [
            // only works if previous's config 'force_all_routes' => false
            'checkout',
            'payment'
        ],
        // set HTTP Strict Transport Security Header
        'strict_transport_security' => [
            // set to false to disable it
            'enable' => true,
            'value'  => 'max-age=31536000',
        ],
        // set to true to add "www." prefix during redirection from http or already https
        'add_www_prefix'        => false,
        // remove existing "www." prefix during redirection from http or already https
        // only works if previous's config 'add_www_prefix' => false
        'remove_www_prefix'     => false,
    ],
    // ...
];

3. Lastly, enable it

a. For ZF Mvc application

// config/modules.config.php or config/application.config.php
return [
    'Application'
    'ForceHttpsModule', // register here
],

b. For ZF Expressive application

For zend-expressive-skeleton ^1.0, It's should already just works!

For zend-expressive-skeleton ^2.0, you need to open config/pipeline.php and add:

$app->pipe(ForceHttpsModule\Middleware\ForceHttps::class);

at the very first pipeline records.

Contributing

Contributions are very welcome. Please read CONTRIBUTING.md