RBogie / https

PSR-15 middleware that redirects to https and adds the Strict-Transport-Security header


middlewares/https


Middleware to redirect to https if the request is http and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking.

Requirements

Installation

This package is installable and autoloadable via Composer as middlewares/https.

composer require middlewares/https

Example

$dispatcher = new Dispatcher([
	(new Middlewares\Https())
		->includeSubdomains()
]);

$response = $dispatcher->dispatch(new ServerRequest());

Options

maxAge(int $maxAge)

The max-age directive for the Strict-Transport-Security header. The default is 31536000 (1 year).

includeSubdomains(bool $includeSubdomains = true)

Set to true to add the includeSubDomains directive to the Strict-Transport-Security header (false by default).

preload(bool $preload = true)

Set to true to add the preload directive to the Strict-Transport-Security header (false by default).

checkHttpsForward(bool $checkHttpsForward = true)

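If true and the request contains the header X-Forwarded-Proto: https or X-Forwarded-Port: 443, no redirect is returned. This prevents problems with HTTPS load balancers. Enable it only when a trusted proxy sets or overwrites these headers, since a client can otherwise send them itself.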

redirect(bool $redirect = true)

Enable (true) or disable (false) redirecting altogether.

responseFactory(Psr\Http\Message\ResponseFactoryInterface $responseFactory)

A PSR-17 factory to create the redirect response.
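
The behaviour the options above describe, modelled as a stand-alone sketch. This is an added example, not the package's own source: the function names `hstsValue` and `shouldRedirect`, the lower-cased header array and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Build the Strict-Transport-Security value from maxAge, includeSubdomains and preload. */
function hstsValue(int $maxAge, bool $includeSubdomains, bool $preload): string
{
    $value = 'max-age=' . $maxAge;
    if ($includeSubdomains) {
        $value .= '; includeSubDomains';
    }
    if ($preload) {
        $value .= '; preload';
    }
    return $value;
}

/**
 * Decide whether a request gets redirected to https.
 * $headers maps lower-cased header names to values (assumed shape).
 */
function shouldRedirect(string $scheme, array $headers, bool $redirect, bool $checkHttpsForward): bool
{
    if (!$redirect || strtolower($scheme) === 'https') {
        return false;
    }
    if ($checkHttpsForward) {
        $proto = strtolower($headers['x-forwarded-proto'] ?? '');
        $port  = (string) ($headers['x-forwarded-port'] ?? '');
        if ($proto === 'https' || $port === '443') {
            return false; // TLS already terminated upstream by the load balancer
        }
    }
    return true;
}

// Constructed sample requests: [scheme, headers, checkHttpsForward]
$cases = [
    'plain http'             => ['http', [], false],
    'behind TLS balancer'    => ['http', ['x-forwarded-proto' => 'https'], true],
    'forward check disabled' => ['http', ['x-forwarded-proto' => 'https'], false],
    'forwarded port only'    => ['http', ['x-forwarded-port' => '443'], true],
    'already https'          => ['https', [], false],
];
foreach ($cases as $name => [$scheme, $headers, $check]) {
    $decision = shouldRedirect($scheme, $headers, true, $check) ? 'yes' : 'no';
    printf("%-24s redirect=%s\n", $name, $decision);
}
echo hstsValue(31536000, true, true), "\n";
```

The "forward check disabled" case shows why the option matters behind a TLS-terminating balancer: without it, a request that already arrived over https at the edge is redirected again.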


Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.

The MIT License (MIT). Please see LICENSE for more information.
