Home > Back-end >  Make Laravel use HTTPs by default
Make Laravel use HTTPs by default

Time:12-17

I deployed my website, and used this code to enforce that the protocol used is HTTPs \Illuminate\Support\Facades\URL::forceScheme('https'); in the AppServiceProvider.

When I visit my website, it uses HTTP by default and I have to manually change 'http' to 'https' in the address bar and then the SSL certificate works fine and I can fill all forms securely.

How can I enforce that when the user visits the website, HTTPs runs not HTTP

CodePudding user response:

Add this tag to your root page head section.(home.blade.php,welcome.blade.php ...)

<head>
... other tags
    @if(env('APP_ENV') === 'production')
    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
    @endif
</head>

And inside boot function app/Providers/AppServiceProvider.php Add :

 public function boot()
    {
      if (env('APP_ENV') === 'production') {
          $this->app['request']->server->set('HTTPS', true);
      }
    }
}

CodePudding user response:

I used \Illuminate\Support\Facades\URL::forceScheme('https'); however, my first page was still loaded in HTTP and other subsequent requests were in HTTPs.

To fix this, I redirected the route at "/" to a clone route "/welcome" which returns the view which "/" was supposed to return. From that point onwards HTTPs is used.

I could not redirect HTTP to HTTPs in the server because I use Elastic beanstalk and the proposed commands in the /.ebextensions config file didnt work, so my solution is as close to fixing the problem as I could get

  • Related