Forcing non-SSL routes and redirects in Laravel
Published
in Laravel
on Feb 4, 2015
If you have SSL configured on your server, and you want to force non-ssl routes to be configured and redirected properly. You can do this by adding the following filter:
Route::filter('prevent.ssl', function () {
$request = Request::instance();
$request->setTrustedProxies([Request::server('REMOTE_ADDR')]);
if ($request->secure()) {
return Redirect::to(Request::getRequestUri(), 302, array(), false);
}
});
The reason we use setTrustedProxies
is in the event that your application may be configured behing a Load Balancer or a Reverse Proxy, more information here.
Here is what it would look like within your application route:
Route::get('user', array('before' => 'prevent.ssl', function()
{
return 'SSL no more!';
}));
Moving forward that route will not load up the SSL version.