I deployed my website, and used this code to enforce that the protocol used is HTTPs
\Illuminate\Support\Facades\URL::forceScheme('https');
in the AppServiceProvider.
When I visit my website, it uses HTTP by default and I have to manually change 'http' to 'https' in the address bar and then the SSL certificate works fine and I can fill all forms securely.
How can I enforce that when the user visits the website, HTTPs runs not HTTP
CodePudding user response:
Add this tag to your root page head section.(home.blade.php,welcome.blade.php ...)
<head>
... other tags
@if(env('APP_ENV') === 'production')
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
@endif
</head>
And inside boot function app/Providers/AppServiceProvider.php Add :
public function boot()
{
if (env('APP_ENV') === 'production') {
$this->app['request']->server->set('HTTPS', true);
}
}
}
CodePudding user response:
I used \Illuminate\Support\Facades\URL::forceScheme('https');
however, my first page was still loaded in HTTP and other subsequent requests were in HTTPs.
To fix this, I redirected the route at "/" to a clone route "/welcome" which returns the view which "/" was supposed to return. From that point onwards HTTPs is used.
I could not redirect HTTP to HTTPs in the server because I use Elastic beanstalk and the proposed commands in the /.ebextensions config file didnt work, so my solution is as close to fixing the problem as I could get