Laravel 5-重定向到HTTPS [英] Laravel 5 - redirect to HTTPS

问题描述

正在处理我的第一个Laravel 5项目，不确定在哪里或如何放置逻辑以在我的应用上强制使用HTTPS.关键在于，有许多域指向该应用程序，并且只有三分之二使用SSL(第三个是后备域，长话短说).因此，我想使用我的应用程序的逻辑而不是.htaccess来处理此问题.

Working on my first Laravel 5 project and not sure where or how to place logic to force HTTPS on my app. The clincher here is that there are many domains pointing to the app and only two out of three use SSL (the third is a fallback domain, long story). So I'd like to handle this in my app's logic rather than .htaccess.

在Laravel 4.2中，我使用位于filters.php的代码完成了重定向:

In Laravel 4.2 I accomplished the redirect with this code, located in filters.php:

App::before(function($request)
{
    if( ! Request::secure())
    {
        return Redirect::secure(Request::path());
    }
});

我在想应该在中间件上实现类似这样的东西，但是我不能完全理解使用它.

I'm thinking Middleware is where something like this should be implemented but I cannot quite figure this out using it.

谢谢！

更新

如果您像我一样使用Cloudflare，可以通过在控制面板中添加新的页面规则来实现.

If you are using Cloudflare like I am, this is accomplished by adding a new Page Rule in your control panel.

推荐答案

您可以使其与Middleware类一起使用.让我给你一个主意.

You can make it works with a Middleware class. Let me give you an idea.

namespace MyApp\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\App;

class HttpsProtocol {

    public function handle($request, Closure $next)
    {
            if (!$request->secure() && App::environment() === 'production') {
                return redirect()->secure($request->getRequestUri());
            }

            return $next($request); 
    }
}

然后，将此中间件应用于每个请求，并在Kernel.php文件中设置规则，如下所示:

Then, apply this middleware to every request adding setting the rule at Kernel.php file, like so:

protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',

    // appending custom middleware 
    'MyApp\Http\Middleware\HttpsProtocol'       

];

在上述示例中，如果满足以下条件，则中间件会将每个请求重定向到https:

At sample above, the middleware will redirect every request to https if:

1. 当前请求没有安全协议(http)
2. 如果您的环境等于production.因此，只需根据您的喜好调整设置即可.

1. The current request comes with no secure protocol (http)
2. If your environment is equals to production. So, just adjust the settings according to your preferences.

Cloudflare

我在具有WildCard SSL的生产环境中使用此代码，并且该代码可以正常工作.如果删除&& App::environment() === 'production'并在localhost中对其进行测试，则重定向也将起作用.因此，是否安装SSL并不是问题.看来您需要非常注意Cloudflare层才能重定向到Https协议.

Cloudflare

I am using this code in production environment with a WildCard SSL and the code works correctly. If I remove && App::environment() === 'production' and test it in localhost, the redirection also works. So, having or not a installed SSL is not the problem. Looks like you need to keep a very hard attention to your Cloudflare layer in order to get redirected to Https protocol.

由于@Adam Link的建议:这很可能是由Cloudflare传递的标头引起的. CloudFlare可能会通过HTTP命中您的服务器，并传递X-Forwarded-Proto标头，该标头声明其正在转发HTTPS请求.您需要在中间件中添加另一行，说明...

Thanks to @Adam Link's suggestion: it is likely caused by the headers that Cloudflare is passing. CloudFlare likely hits your server via HTTP and passes a X-Forwarded-Proto header that declares it is forwarding a HTTPS request. You need add another line in your Middleware that say...

$request->setTrustedProxies( [ $request->getClientIp() ] ); 

...以信任CloudFlare正在发送的标头.这将停止重定向循环

...to trust the headers CloudFlare is sending. This will stop the redirect loop

只需将中间件类添加到kernel.php file中的web组中即可:

Just need to add the middleware class into web group in kernel.php file:

protected $middlewareGroups = [
    'web' => [
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,

        // here
        \MyApp\Http\Middleware\HttpsProtocol::class

    ],
];

请记住，web组默认情况下适用于每条路由，因此您无需在路由或控制器中显式设置web.

Remember that web group is applied to every route by default, so you do not need to set web explicitly in routes nor controllers.

编辑23/08/2018-Laravel v5.7

• 要根据环境重定向请求，可以使用App::environment() === 'production'.对于以前的版本是 env('APP_ENV') === 'production'.
• 使用\URL::forceScheme('https');实际上不会重定向.呈现网站后，它仅使用https://建立链接.

Edit 23/08/2018 - Laravel v5.7

• To redirect a request depending the environment you can use App::environment() === 'production'. For previous version was env('APP_ENV') === 'production'.
• Using \URL::forceScheme('https'); actually does not redirect. It just builds links with https:// once the website is rendered.

这篇关于Laravel 5-重定向到HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！