Middleware to redirect to https if the request is http and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking.
- PHP >= 7.2
- A PSR-7 http library
- A PSR-15 middleware dispatcher
This package is installable and autoloadable via Composer as middlewares/https.
```sh
composer require middlewares/https
```

```php
$dispatcher = new Dispatcher([
    (new Middlewares\Https())
        ->includeSubdomains()
]);

$response = $dispatcher->dispatch(new ServerRequest());
```

This middleware accepts a Psr\Http\Message\ResponseFactoryInterface as a constructor argument, which it uses to create the redirect responses. If none is provided, Middlewares\Utils\Factory is used to detect one automatically.
```php
$responseFactory = new MyOwnResponseFactory();

//Detect the response factory automatically
$https = new Middlewares\Https();

//Use a specific factory
$https = new Middlewares\Https($responseFactory);
```

This option allows you to define the value of the max-age directive for the Strict-Transport-Security header. The default is 31536000 (1 year).
```php
$threeYears = 31536000 * 3;

$https = (new Middlewares\Https())->maxAge($threeYears);
```

By default, the includeSubDomains directive is not included in the Strict-Transport-Security header. Use this function to change this behavior.
```php
$https = (new Middlewares\Https())->includeSubdomains();
```

By default, the preload directive is not included in the Strict-Transport-Security header. Use this function to change this behavior.
```php
$https = (new Middlewares\Https())->preload();
```

Enabling this option makes the middleware ignore requests containing the header X-Forwarded-Proto: https or X-Forwarded-Port: 443, so they are not redirected. This is especially useful if the site is behind an https load balancer.
```php
$https = (new Middlewares\Https())->checkHttpsForward();
```

This option returns a redirection response from http to https. It's enabled by default.
```php
//Disable redirections
$https = (new Middlewares\Https())->redirect(false);
```

Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.
The MIT License (MIT). Please see LICENSE for more information.
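
On the checkHttpsForward() option described above: X-Forwarded-Proto and X-Forwarded-Port are ordinary request headers, so they only mean something when the load balancer sets them. The following is an added example, not code from this package: a hypothetical StripUntrustedForwardedHeaders middleware placed before Https that drops both headers unless the direct peer is a known proxy. The class name and the proxy addresses are assumptions, and it relies only on the PSR-7/PSR-15 interfaces and the Dispatcher used in the usage example.

```php
<?php
declare(strict_types=1);

use Middlewares\Https;
use Middlewares\Utils\Dispatcher;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

// Hypothetical helper (not part of middlewares/https): removes the forwarded
// scheme/port headers unless the request arrived from a trusted load balancer.
final class StripUntrustedForwardedHeaders implements MiddlewareInterface
{
    /** @var string[] Exact IP addresses of the trusted proxies */
    private $trustedProxies;

    public function __construct(array $trustedProxies)
    {
        $this->trustedProxies = $trustedProxies;
    }

    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ): ResponseInterface {
        // REMOTE_ADDR is the address of the TCP peer; unlike the
        // X-Forwarded-* headers it is not taken from request headers.
        $peer = $request->getServerParams()['REMOTE_ADDR'] ?? '';

        if (!in_array($peer, $this->trustedProxies, true)) {
            // Not from our proxy: discard whatever the sender claimed.
            $request = $request
                ->withoutHeader('X-Forwarded-Proto')
                ->withoutHeader('X-Forwarded-Port');
        }

        return $handler->handle($request);
    }
}

// Constructed addresses (RFC 5737 documentation range); use your own proxies.
$dispatcher = new Dispatcher([
    new StripUntrustedForwardedHeaders(['192.0.2.10', '192.0.2.11']),
    (new Https())->checkHttpsForward(),
]);
```

Requests that reach the application directly with a forwarded header set are then redirected like any other http request, while traffic relayed by the listed proxies keeps the behaviour of checkHttpsForward().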