middlewares/https
Middleware to redirect to https if the request is http and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking.
Requirements
- PHP >= 7.0
- A PSR-7 http library
- A PSR-15 middleware dispatcher
Installation
This package is installable and autoloadable via Composer as middlewares/https.
composer require middlewares/https
Example
$dispatcher = new Dispatcher([
    (new Middlewares\Https())
        ->includeSubdomains()
]);

$response = $dispatcher->dispatch(new ServerRequest());
Options
maxAge(int $maxAge)
Sets the max-age directive for the Strict-Transport-Security header. The default is 31536000 (1 year).
includeSubdomains(bool $includeSubdomains = true)
Set true to add the includeSubDomains directive to the Strict-Transport-Security header (false by default).
preload(bool $preload = true)
Set true to add the preload directive to the Strict-Transport-Security header (false by default).
checkHttpsForward(bool $checkHttpsForward = true)
If true and the request contains the header X-Forwarded-Proto: https or X-Forwarded-Port: 443, no redirection is returned. This prevents problems with HTTPS load balancers.
redirect(bool $redirect = true)
Enable (true) or disable (false) redirecting altogether.
responseFactory(Psr\Http\Message\ResponseFactoryInterface $responseFactory)
A PSR-17 factory to create the redirect response.
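With checkHttpsForward enabled, the redirect decision depends on X-Forwarded-Proto and X-Forwarded-Port, which are ordinary request headers that any client can send unless the load balancer overwrites them. The following is an added example, not code from this package: a hypothetical TrustedForwardedHeaders middleware placed before Https that removes those headers when the direct peer is not a known proxy. The class name, the address 10.0.0.5 and the exact-match comparison are assumptions; Dispatcher is the same class used in the example above.

```php
<?php
declare(strict_types=1);

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

/**
 * Hypothetical helper (not part of middlewares/https): drops the forwarded
 * scheme/port headers unless the direct peer is a known load balancer.
 */
final class TrustedForwardedHeaders implements MiddlewareInterface
{
    const FORWARDED = ['X-Forwarded-Proto', 'X-Forwarded-Port'];

    /** @var string[] Exact source addresses of trusted proxies (no CIDR matching). */
    private $trustedProxies;

    public function __construct(array $trustedProxies)
    {
        $this->trustedProxies = $trustedProxies;
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // REMOTE_ADDR is the TCP peer, which the client cannot set through headers.
        $peer = $request->getServerParams()['REMOTE_ADDR'] ?? '';

        if (!in_array($peer, $this->trustedProxies, true)) {
            // Untrusted peer: discard the headers so Https sees only the real scheme.
            foreach (self::FORWARDED as $name) {
                $request = $request->withoutHeader($name);
            }
        }

        return $handler->handle($request);
    }
}

// Constructed address: replace with the load balancer's real source IP(s).
$dispatcher = new Dispatcher([
    new TrustedForwardedHeaders(['10.0.0.5']),
    (new Middlewares\Https())
        ->checkHttpsForward()
        ->includeSubdomains(),
]);
```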
Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.
The MIT License (MIT). Please see LICENSE for more information.