Forcing non-SSL routes and redirects in Laravel

Published in Laravel on Feb 4, 2015

If you have SSL configured on your server, and you want to force non-ssl routes to be configured and redirected properly. You can do this by adding the following filter:

Copied!

1Route::filter('prevent.ssl', function () {
2    $request = Request::instance();
3    $request->setTrustedProxies([Request::server('REMOTE_ADDR')]);
4    if ($request->secure()) {
5        return Redirect::to(Request::getRequestUri(), 302, array(), false);
6    }
7});

Route::filter('prevent.ssl', function () {
    $request = Request::instance();
    $request->setTrustedProxies([Request::server('REMOTE_ADDR')]);
    if ($request->secure()) {
        return Redirect::to(Request::getRequestUri(), 302, array(), false);
    }
});

The reason we use setTrustedProxies is in the event that your application may be configured behing a Load Balancer or a Reverse Proxy, more information here.

Here is what it would look like within your application route:

Copied!

1Route::get('user', array('before' => 'prevent.ssl', function()
2{
3    return 'SSL no more!';
4}));

Route::get('user', array('before' => 'prevent.ssl', function()
{
    return 'SSL no more!';
}));

Moving forward that route will not load up the SSL version.