ForceHttpsModule is a configurable module for force https in your Laminas Mvc and Mezzio Application.
This is README for version ^4.0 which only support Laminas Mvc version 3 and Mezzio version 3 with php ^7.3|~8.0.
For version ^3.0, you can read at version 3 readme which only support Laminas Mvc version 3 and Mezzio version 3 with php ^7.1.
For version ^2.0, you can read at version 2 readme which only support ZF3 and ZF Expressive version 3 with php ^7.1.
For version 1, you can read at version 1 readme which still support ZF2 and ZF Expressive version 1 and 2 with php ^5.6|^7.0 support.
- Enable/disable force https.
- Force Https to All routes.
- Force Https to All routes except exclusion list.
- Force Https to specific routes only.
- Keep headers, request method, and request body.
- Enable/disable HTTP Strict Transport Security Header and set its value.
- Allow add
www.
prefix during redirection from http or already https. - Allow remove
www.
prefix during redirection from http or already https. - Force Https for 404 pages
1. Require this module uses composer.
composer require samsonasik/force-https-module
2. Copy config
a. For Laminas Mvc application, copy force-https-module.local.php.dist
config to your local's autoload and configure it
source | destination |
---|---|
vendor/samsonasik/force-https-module/config/force-https-module.local.php.dist | config/autoload/force-https-module.local.php |
Or run copy command:
cp vendor/samsonasik/force-https-module/config/force-https-module.local.php.dist config/autoload/force-https-module.local.php
b. For Mezzio application, copy mezzio-force-https-module.local.php.dist
config to your local's autoload and configure it
source | destination |
---|---|
vendor/samsonasik/force-https-module/config/mezzio-force-https-module.local.php.dist | config/autoload/mezzio-force-https-module.local.php |
Or run copy command:
cp vendor/samsonasik/force-https-module/config/mezzio-force-https-module.local.php.dist config/autoload/mezzio-force-https-module.local.php
When done, you can modify your local config:
<?php
// config/autoload/force-https-module.local.php or config/autoload/mezzio-force-https-module.local.php
return [
'force-https-module' => [
'enable' => true,
'force_all_routes' => true,
'force_specific_routes' => [
// only works if previous's config 'force_all_routes' => false
'checkout',
'payment'
],
'exclude_specific_routes' => [
// a lists of specific routes to not be https
// only works if previous config 'force_all_routes' => true
'non-https-route',
],
// set HTTP Strict Transport Security Header
'strict_transport_security' => [
// set to false to disable it
'enable' => true,
'value' => 'max-age=31536000',
],
// set to true to add "www." prefix during redirection from http or already https
'add_www_prefix' => false,
// remove existing "www." prefix during redirection from http or already https
// only works if previous's config 'add_www_prefix' => false
'remove_www_prefix' => false,
// Force Https for 404 pages
'allow_404' => true,
],
// ...
];
3. Lastly, enable it
a. For Laminas Mvc application
// config/modules.config.php or config/application.config.php
return [
'Application'
'ForceHttpsModule', // register here
],
b. For Mezzio application
For mezzio-skeleton ^3.0, you need to open config/pipeline.php
and add:
$app->pipe(ForceHttpsModule\Middleware\ForceHttps::class);
at the very first pipeline records.
Contributions are very welcome. Please read CONTRIBUTING.md