Jose Jimenez
Software Architect & Developer
> >

Forcing non-SSL routes and redirects in Laravel

Published in Laravel on Feb 4, 2015

If you have SSL configured on your server, and you want to force non-ssl routes to be configured and redirected properly. You can do this by adding the following filter:

Route::filter('prevent.ssl', function () {
    $request = Request::instance();
    $request->setTrustedProxies([Request::server('REMOTE_ADDR')]);
    if ($request->secure()) {
        return Redirect::to(Request::getRequestUri(), 302, array(), false);
    }
});

The reason we use setTrustedProxies is in the event that your application may be configured behing a Load Balancer or a Reverse Proxy, more information here.

Here is what it would look like within your application route:

Route::get('user', array('before' => 'prevent.ssl', function()
{
    return 'SSL no more!';
}));

Moving forward that route will not load up the SSL version.