samsonasik / force-https-module
Force Https Module for Laminas Mvc and Mezzio application
Fund package maintenance!
samsonasik
Installs: 7 633
Dependents: 0
Suggesters: 0
Security: 0
Stars: 16
Watchers: 2
Forks: 1
Open Issues: 0
Requires
- php: ^7.4|^8.0
- webmozart/assert: ^1.9
Requires (Dev)
- kahlan/kahlan: ^5.2
- laminas/laminas-coding-standard: ^2.0
- laminas/laminas-mvc: ^3.0
- mezzio/mezzio: ^3.0
- php-coveralls/php-coveralls: ^2.1
- phpstan/phpstan: ^1.1
- phpstan/phpstan-webmozart-assert: ^1.0
- rector/rector: 0.12.7
Conflicts
- laminas/laminas-mvc: <3.0
- mezzio/mezzio: <3.0
This package is auto-updated.
Last update: 2024-10-14 06:09:09 UTC
README
Introduction
ForceHttpsModule is a configurable module for force https in your Laminas Mvc and Mezzio Application.
This is README for version ^4.1 which only support Laminas Mvc version 3 and Mezzio version 3 with php ^7.4|~8.0.
For ~4.0.0, you can read at version 4.0.x readme which only support Laminas Mvc version 3 and Mezzio version 3 with php ^7.3|~8.0
For version ^3.0, you can read at version 3 readme which only support Laminas Mvc version 3 and Mezzio version 3 with php ^7.1.
For version ^2.0, you can read at version 2 readme which only support ZF3 and ZF Expressive version 3 with php ^7.1.
For version 1, you can read at version 1 readme which still support ZF2 and ZF Expressive version 1 and 2 with php ^5.6|^7.0 support.
Features
- Enable/disable force https.
- Force Https to All routes.
- Force Https to All routes except exclusion list.
- Force Https to specific routes only.
- Keep headers, request method, and request body.
- Enable/disable HTTP Strict Transport Security Header and set its value.
- Allow add
www.prefix during redirection from http or already https. - Allow remove
www.prefix during redirection from http or already https. - Force Https for 404 pages
Installation
1. Require this module uses composer.
composer require samsonasik/force-https-module
2. Copy config
a. For Laminas Mvc application, copy force-https-module.local.php.dist config to your local's autoload and configure it
Or run copy command:
cp vendor/samsonasik/force-https-module/config/force-https-module.local.php.dist config/autoload/force-https-module.local.php
b. For Mezzio application, copy mezzio-force-https-module.local.php.dist config to your local's autoload and configure it
Or run copy command:
cp vendor/samsonasik/force-https-module/config/mezzio-force-https-module.local.php.dist config/autoload/mezzio-force-https-module.local.php
When done, you can modify your local config:
<?php // config/autoload/force-https-module.local.php or config/autoload/mezzio-force-https-module.local.php return [ 'force-https-module' => [ 'enable' => true, 'force_all_routes' => true, 'force_specific_routes' => [ // only works if previous's config 'force_all_routes' => false 'checkout', 'payment' ], 'exclude_specific_routes' => [ // a lists of specific routes to not be https // only works if previous config 'force_all_routes' => true 'non-https-route', ], // set HTTP Strict Transport Security Header 'strict_transport_security' => [ // set to false to disable it 'enable' => true, 'value' => 'max-age=31536000', ], // set to true to add "www." prefix during redirection from http or already https 'add_www_prefix' => false, // remove existing "www." prefix during redirection from http or already https // only works if previous's config 'add_www_prefix' => false 'remove_www_prefix' => false, // Force Https for 404 pages 'allow_404' => true, ], // ... ];
3. Lastly, enable it
a. For Laminas Mvc application
// config/modules.config.php or config/application.config.php return [ 'Application' 'ForceHttpsModule', // register here ],
b. For Mezzio application
For mezzio-skeleton ^3.0, you need to open config/pipeline.php and add:
$app->pipe(ForceHttpsModule\Middleware\ForceHttps::class);
at the very first pipeline records.
Contributing
Contributions are very welcome. Please read CONTRIBUTING.md