Enforcing HTTPS in Laravel
When developing a Laravel application, ensuring that all traffic is securely routed over HTTPS is crucial, especially when multiple domains are involved. This guide will show you how to implement HTTPS redirection using middleware in Laravel.
Why Use Middleware?
Middleware provides a convenient way to filter HTTP requests entering your application. By using middleware, you can centralize your HTTPS redirection logic without modifying server configurations like .htaccess.
Creating the Middleware
To create a middleware that redirects HTTP requests to HTTPS, you can use the Artisan command:
php artisan make:middleware HttpsRedirectMiddleware
This command generates a new middleware file located at app/Http/Middleware/HttpsRedirectMiddleware.php. Open this file and implement the following logic:
<?php

namespace App\Http\Middleware;

use Closure;

class HttpsRedirectMiddleware {
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next) {
        // Check if the request is not secure and the app is in production
        if (!$request->secure() && app()->environment('production')) {
            // Redirect to the same path and query string over HTTPS
            return redirect()->secure($request->getRequestUri());
        }

        // Already secure, or not in production: continue down the pipeline
        return $next($request);
    }
}
Registering the Middleware
Next, you need to register your middleware in the app/Http/Kernel.php file. Add your new middleware to the web middleware group:
protected $middlewareGroups = [
    'web' => [
        // Other middleware...
        \App\Http\Middleware\HttpsRedirectMiddleware::class,
    ],
];
Handling Cloudflare
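If your application is behind Cloudflare, you might encounter issues where Laravel does not recognize secure requests: Cloudflare terminates TLS at its edge and reports the original scheme to your server in the X-Forwarded-Proto header (exposed to PHP as HTTP_X_FORWARDED_PROTO). To address this, ensure that your application checks that header. Any client that can reach your server directly can set the header itself, so honor it only on requests that arrive from your proxy's addresses; Laravel's TrustProxies middleware makes $request->secure() respect the header for the proxies you configure.
if ($request->header('X-Forwarded-Proto') === 'https') {
    // Treat the request as secure
}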
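The header check folded into the redirect middleware, as an added example that is not part of the original guide: X-Forwarded-Proto is honored only when the connecting peer is in a trusted proxy list. The TRUSTED_PROXIES constant and the isSecure() helper are hypothetical names, and 192.0.2.0/24 is a constructed placeholder range, not a real proxy range.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\IpUtils;

class HttpsRedirectMiddleware
{
    // Hypothetical constant. 192.0.2.0/24 is a constructed placeholder
    // (documentation range); use the ranges your proxy provider publishes.
    private const TRUSTED_PROXIES = ['192.0.2.0/24'];

    public function handle(Request $request, Closure $next)
    {
        if (app()->environment('production') && ! $this->isSecure($request)) {
            return redirect()->secure($request->getRequestUri());
        }

        return $next($request);
    }

    // Hypothetical helper: true when TLS ended at this server, or when a
    // trusted proxy reports that the client reached it over HTTPS.
    private function isSecure(Request $request): bool
    {
        if ($request->secure()) {
            return true;
        }

        // REMOTE_ADDR is the TCP peer address; a request header cannot set it.
        $peer = (string) $request->server('REMOTE_ADDR');

        // Ignore the header unless the peer is one of our proxies.
        if ($peer === '' || ! IpUtils::checkIp($peer, self::TRUSTED_PROXIES)) {
            return false;
        }

        $proto = (string) $request->header('X-Forwarded-Proto');

        return strtolower(trim($proto)) === 'https';
    }
}
```

A request that carries X-Forwarded-Proto: https but arrives from an address outside the list is still redirected, which is what keeps the header from being used to skip the HTTPS check.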
Conclusion
By implementing this middleware, you can effectively enforce HTTPS across your Laravel application, ensuring secure connections for all users. This approach is especially useful when dealing with multiple domains, as it allows you to manage redirection logic within your application rather than relying on server configurations.
Additional Notes
- Remember to test your application thoroughly to ensure that all routes are correctly redirected to HTTPS.
- If you are using Cloudflare, consider setting up Page Rules to manage HTTPS settings directly from your Cloudflare dashboard for added flexibility.