middlewares/https

Middleware to redirect to https and adds the Strict-Transport-Security header

middlewares/https

![Software License][ico-license] ![Total Downloads][ico-downloads], _(*1)

Middleware to redirect to https if the request is http and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking., _(*2)

Requirements

• PHP >= 7.2
• A PSR-7 http library
• A PSR-15 middleware dispatcher

Installation

This package is installable and autoloadable via Composer as middlewares/https., _(*3)

composer require middlewares/https

Example

$dispatcher = new Dispatcher([
    (new Middlewares\Https())
        ->includeSubdomains()
]);

$response = $dispatcher->dispatch(new ServerRequest());

Usage

This middleware accept a Psr\Http\Message\ResponseFactoryInterface as a constructor argument, to create the redirect responses. If it's not defined, Middleware\Utils\Factory will be used to detect it automatically., _(*4)

$responseFactory = new MyOwnResponseFactory();

//Detect the response factory automatically
$https = new Middlewares\Https();

//Use a specific factory
$htts = new Middlewares\Https($responseFactory);

maxAge

This option allow to define the value of max-age directive for the Strict-Transport-Security header. By default is 31536000 (1 year)., _(*5)

$threeYears = 31536000 * 3;

$https = (new Middlewares\Https())->maxAge($threeYears);

includeSubdomains

By default, the includeSubDomains directive is not included in the Strict-Transport-Security header. Use this function to change this behavior., _(*6)

$https = (new Middlewares\Https())->includeSubdomains();

preload

By default, the preload directive is not included in the Strict-Transport-Security header. Use this function to change this behavior., _(*7)

$https = (new Middlewares\Https())->preload();

checkHttpsForward

Enabling this option ignore requests containing the header X-Forwarded-Proto: https or X-Forwarded-Port: 443. This is specially useful if the site is behind a https load balancer., _(*8)

$https = (new Middlewares\Https())->checkHttpsForward();

redirect

This option returns a redirection response from http to https. It's enabled by default., _(*9)

//Disable redirections
$https = (new Middlewares\Https())->redirect(false);

Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details., _(*10)

The MIT License (MIT). Please see LICENSE for more information., _(*11)