Middleware to redirect to `https` if the request is `http` and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking.
- PHP >= 7.2
- A PSR-7 http library
- A PSR-15 middleware dispatcher
This package is installable and autoloadable via Composer as `middlewares/https`.

```sh
composer require middlewares/https
```
```php
$dispatcher = new Dispatcher([
    (new Middlewares\Https())
        ->includeSubdomains()
]);

$response = $dispatcher->dispatch(new ServerRequest());
```
This middleware accepts a `Psr\Http\Message\ResponseFactoryInterface` as a constructor argument, to create the redirect responses. If it's not defined, `Middlewares\Utils\Factory` will be used to detect it automatically.

```php
$responseFactory = new MyOwnResponseFactory();

//Detect the response factory automatically
$https = new Middlewares\Https();

//Use a specific factory
$https = new Middlewares\Https($responseFactory);
```
The `maxAge()` option defines the value of the `max-age` directive for the `Strict-Transport-Security` header. The default is `31536000` (1 year).

```php
$threeYears = 31536000 * 3;

$https = (new Middlewares\Https())->maxAge($threeYears);
```
By default, the `includeSubDomains` directive is not included in the `Strict-Transport-Security` header. Use `includeSubdomains()` to change this behavior.

```php
$https = (new Middlewares\Https())->includeSubdomains();
```
By default, the `preload` directive is not included in the `Strict-Transport-Security` header. Use `preload()` to change this behavior.

```php
$https = (new Middlewares\Https())->preload();
```
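To check the header that the three options above produce, the following added example (not part of this package) parses a `Strict-Transport-Security` value following RFC 6797 and flags `max-age=0` and a `preload` directive that does not meet the preload list's submission requirements. The function names `parseHsts` and `hstsFindings` and the sample header values are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Parse a Strict-Transport-Security value (RFC 6797, section 6.1). Returns null
// when max-age is missing or malformed, or when a directive is repeated.
function parseHsts(string $value): ?array
{
    $seen = [];
    foreach (explode(';', $value) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue; // tolerate empty segments such as a trailing ";"
        }
        [$name, $arg] = array_pad(explode('=', $part, 2), 2, null);
        $name = strtolower(trim($name)); // directive names are case-insensitive
        if (isset($seen[$name])) {
            return null; // each directive may appear only once
        }
        $seen[$name] = $arg === null ? true : trim($arg, " \t\"");
    }
    $maxAge = $seen['max-age'] ?? null;
    if (!is_string($maxAge) || !ctype_digit($maxAge)) {
        return null;
    }
    return [
        'maxAge' => (int) $maxAge,
        'includeSubDomains' => isset($seen['includesubdomains']),
        'preload' => isset($seen['preload']),
    ];
}

// Findings a reviewer would raise before relying on the policy.
function hstsFindings(string $value): array
{
    $policy = parseHsts($value);
    if ($policy === null) {
        return ['invalid header: browsers will ignore it'];
    }
    $findings = [];
    if ($policy['maxAge'] === 0) {
        $findings[] = 'max-age=0 makes browsers drop the stored policy';
    }
    if ($policy['preload'] && !($policy['maxAge'] >= 31536000 && $policy['includeSubDomains'])) {
        $findings[] = 'preload list needs max-age >= 31536000 and includeSubDomains';
    }
    return $findings;
}

// Constructed sample header values, for illustration only.
foreach (['max-age=31536000', 'max-age=94608000;includeSubDomains;preload', 'max-age=3600;preload'] as $h) {
    printf("%-45s %s\n", $h, json_encode(hstsFindings($h)));
}
```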
Enabling the `checkHttpsForward()` option makes the middleware ignore requests containing the header `X-Forwarded-Proto: https` or `X-Forwarded-Port: 443`. This is especially useful if the site is behind an https load balancer.

```php
$https = (new Middlewares\Https())->checkHttpsForward();
```
The `redirect()` option returns a redirection response from `http` to `https`. It's enabled by default.

```php
//Disable redirections
$https = (new Middlewares\Https())->redirect(false);
```
Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.
The MIT License (MIT). Please see LICENSE for more information.