How to enforce HTTPS in Laravel

Installing SSL (URLs that start with https://) on your PHP project and implementing that in your code can be achieved by updating .htaccess file of your project but after updating that you have to face the problem to change most of the links of your website like css files, images and scripts because wherever they are declared in http format, after changing the .htacces to redirect your domain to HTTPS all those files wouldn’t be accessible but there is a very simple solution to enforce HTTPS in Laravel projects.

.htaccess Solution (Old school)

Add these lines in your .htacces file of the root directory of your project.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{www.example.com}%{REQUEST_URI} [L,R=301]

Replace www.example.com with domain of yours and whenever your domain is redirected to your project with http request it will  be forwarded to https. The problem you will face is that most of your external css files wouldn’t be accesible to your code so you have to go to master file and change all of your files path to https or in worst case if you doesn’t have a master file or there are more then one master files then you have to go to each file and update all those files.

Laravel Solution (Recommended)

The problem of enforcing HTTPS in Laravel can be handled in two ways.

Method 1: Using APP_ENV

One is that you just check environment of your project i.e \App::environment(‘local’) which is APP_ENV variable value in .env.

1st step is to open AppServiceProvider.php file which is located in app/Providers directory and go to boot method and check for environment if it is in production or any other you need i.e

if(\App::environment('production')) {

}

Now use Illuminate\Contracts\Routing\UrlGenerator; in AppServiceProvider file, and bind it to boot method in its parameter.

public function boot(UrlGenerator $url)
 {
 if(\App::environment('production')) {

}
 }

We will be using UrlGenerator contract for redirection. In UrlGenerator class there is a function forceScheme which accepts argument name of schema i.e https or http.

public function boot(UrlGenerator $url)
 {
 if(\App::environment('production')) {
 $url->forceScheme('https');
 }
 }

And that’s it. All of your project links would be redirected to HTTPS without changing any link in your project manually. On the other you can define a variable for it in .env file i.e ENFORCE_SSL and check if its true then enforce https. This method we discuss below.

Method 2: Using ENFORCE_SSL variable

The other method is to declare a variable in .env file called ENFORCE_SSL and assign it boolean value so whenever you assign it the value true, all links or URLs of your project will be redirected to https protocol and you don’t have to manually go and change all of your links to https, Laravel will take care of that itself. So to recap,

1. Go to your .env file and add this ENFORCE_SSL = false
2. Go to AppServiceProvider and add this at top use Illuminate\Contracts\Routing\UrlGenerator;
3. Add code below to boot method of AppServiceProvider class, you can use env helper function to read any variable from .env file i.e env(‘ENFORCE_SSL’, false). Second parameter is default value if that variable is not found.

Sample code given here.

public function boot(UrlGenerator $url)
 {
 if(env('ENFORCE_SSL', false)) {
 $url->forceScheme('https');
 }
 //remaining code of yours
 }

You can change value of ENFORCE_SSL to true anywhere you need to enforce HTTPS in Laravel.

References:

• https://laravel.com/docs/5.6/configuration
• https://laravel.com/api/5.6/Illuminate/Routing/UrlGenerator.html
• https://laravel.com/docs/5.6/urls

Hope you find this discussion useful. Let us know if you need to hire Laravel developers for your project.