samsonasik/force-https-module

Force Https Module for Laminas Mvc and Mezzio application

4.1.1 2022-02-07 22:12 UTC

README


Introduction

ForceHttpsModule is a configurable module for forcing HTTPS in your Laminas Mvc and Mezzio applications.

This is the README for version ^4.1, which supports only Laminas Mvc version 3 and Mezzio version 3 with php ^7.4|~8.0.

For ~4.0.0, see the version 4.0.x README, which supports only Laminas Mvc version 3 and Mezzio version 3 with php ^7.3|~8.0.

For version ^3.0, see the version 3 README, which supports only Laminas Mvc version 3 and Mezzio version 3 with php ^7.1.

For version ^2.0, see the version 2 README, which supports only ZF3 and ZF Expressive version 3 with php ^7.1.

For version 1, see the version 1 README, which still supports ZF2 and ZF Expressive version 1 and 2 with php ^5.6|^7.0.

Features

  • Enable/disable forcing HTTPS.
  • Force HTTPS on all routes.
  • Force HTTPS on all routes except those in an exclusion list.
  • Force HTTPS on specific routes only.
  • Keep headers, request method, and request body.
  • Enable/disable the HTTP Strict Transport Security header and set its value.
  • Allow adding the www. prefix during redirection from http or already https.
  • Allow removing the www. prefix during redirection from http or already https.
  • Force HTTPS for 404 pages.

Installation

1. Require this module using Composer.

composer require samsonasik/force-https-module

2. Copy config

a. For a Laminas Mvc application, copy the force-https-module.local.php.dist config to your local autoload directory and configure it.

Or run the copy command:

cp vendor/samsonasik/force-https-module/config/force-https-module.local.php.dist config/autoload/force-https-module.local.php

b. For a Mezzio application, copy the mezzio-force-https-module.local.php.dist config to your local autoload directory and configure it.

Or run the copy command:

cp vendor/samsonasik/force-https-module/config/mezzio-force-https-module.local.php.dist config/autoload/mezzio-force-https-module.local.php

When done, you can modify your local config:

<?php
// config/autoload/force-https-module.local.php or config/autoload/mezzio-force-https-module.local.php
return [
    'force-https-module' => [
        'enable'                => true,
        'force_all_routes'      => true,
        'force_specific_routes' => [
            // only applies when 'force_all_routes' => false
            'checkout',
            'payment'
        ],
        'exclude_specific_routes' => [
            // a list of specific routes that should not be forced to https
            // only applies when 'force_all_routes' => true
            'non-https-route',
        ],
        // set HTTP Strict Transport Security Header
        'strict_transport_security' => [
            // set to false to disable it
            'enable' => true,
            'value'  => 'max-age=31536000',
        ],
        // set to true to add "www." prefix during redirection from http or already https
        'add_www_prefix'        => false,
        // remove existing "www." prefix during redirection from http or already https
        // only applies when 'add_www_prefix' => false
        'remove_www_prefix'     => false,
        // Force Https for 404 pages
        'allow_404'             => true,
    ],
    // ...
];

3. Lastly, enable it

a. For a Laminas Mvc application

// config/modules.config.php or config/application.config.php
return [
    'Application',
    'ForceHttpsModule', // register here
];

b. For a Mezzio application

For mezzio-skeleton ^3.0, you need to open config/pipeline.php and add:

$app->pipe(ForceHttpsModule\Middleware\ForceHttps::class);

as the very first entry in the pipeline.
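Once the module is enabled, the redirect and the 'strict_transport_security' value configured above can be checked from the command line. The following is an added example, not code from the module: the function names are hypothetical, example.test is a placeholder host, and the sample responses are constructed so the script runs offline.

```shell
# Added example, not part of ForceHttpsModule. Each function reads response
# headers on stdin, e.g. `curl -sI http://example.test/` (placeholder host).

# Succeed only if the Location header points at an https:// URL.
redirects_to_https() {
    tr -d '\r' | awk '
        tolower($0) ~ /^location:/ {
            sub(/^[^:]*:[ \t]*/, "")
            found = (tolower($0) ~ /^https:\/\//)
            exit
        }
        END { exit(found ? 0 : 1) }'
}

# Print the max-age of the Strict-Transport-Security header; fail if absent.
hsts_max_age() {
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security:/ {
            line = tolower($0)
            sub(/^[^:]*:[ \t]*/, "", line)
            n = split(line, parts, /[ \t]*;[ \t]*/)
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /^max-age=/) {
                    v = parts[i]; sub(/^max-age="?/, "", v); sub(/"$/, "", v)
                    print v; found = 1; exit
                }
        }
        END { exit(found ? 0 : 1) }'
}

# Succeed if max-age is numeric and at least MIN seconds (default: the
# one-year value from the sample config).
hsts_ok() {
    min=${1:-31536000}
    age=$(hsts_max_age) || return 1
    case $age in ''|*[!0-9]*) return 1 ;; esac
    [ "$age" -ge "$min" ]
}

# Constructed sample responses, not captured from a real server.
SAMPLE_REDIRECT='HTTP/1.1 308 Permanent Redirect
Location: https://example.test/checkout'
SAMPLE_HTTPS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000'

printf '%s\n' "$SAMPLE_REDIRECT" | redirects_to_https && echo "redirect target is https"
printf '%s\n' "$SAMPLE_HTTPS" | hsts_ok && echo "HSTS max-age is sufficient"
```

Run the HSTS check against the https:// response: browsers ignore a Strict-Transport-Security header received over plain HTTP, so only the HTTPS response counts.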

Contributing

Contributions are very welcome. Please read CONTRIBUTING.md.