🔗 Configurable module for force https in your ZF2/ZF3 Mvc and ZF Expressive Application.
PHP
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
config
spec
src
.coveralls.yml
.gitattributes typo fix: test -> spec May 11, 2018
.gitignore zend-expressive-router ^2 usage Feb 21, 2017
.travis.yml
CONTRIBUTING.md
LICENSE initial work Jan 17, 2017
README.md
composer.json final touch Mar 16, 2018

README.md

ForceHttpsModule

Latest Version Build Status Coverage Status PHPStan Downloads

Introduction

ForceHttpsModule is a configurable module for force https in your ZF Mvc and ZF Expressive Application.

This is README for version ^2.0 which only support ZF3 and ZF Expressive version 3 with php ^7.1.

For version 1, you can read at version 1 readme which still support ZF2 and ZF Expressive version 1 and 2 with php ^5.6|^7.0 support.

Features

  • Enable/disable force https.
  • Force Https to All routes.
  • Force Https to specific routes only.
  • Keep headers, request method, and request body.
  • Enable/disable HTTP Strict Transport Security Header and set its value.
  • Allow add www. prefix during redirection from http or already https.
  • Allow remove www. prefix during redirection from http or already https.

Installation

1. Require this module uses composer.

composer require samsonasik/force-https-module

2. Copy config

a. For ZF3 Mvc application, copy force-https-module.local.php.dist config to your local's autoload and configure it

source destination
vendor/samsonasik/force-https-module/config/force-https-module.local.php.dist config/autoload/force-https-module.local.php

Or run copy command:

cp vendor/samsonasik/force-https-module/config/force-https-module.local.php.dist config/autoload/force-https-module.local.php

b. For ZF Expressive application, copy expressive-force-https-module.local.php.dist config to your local's autoload and configure it

source destination
vendor/samsonasik/force-https-module/config/expressive-force-https-module.local.php.dist config/autoload/expressive-force-https-module.local.php

Or run copy command:

cp vendor/samsonasik/force-https-module/config/expressive-force-https-module.local.php.dist config/autoload/expressive-force-https-module.local.php

When done, you can modify your local config:

<?php
// config/autoload/force-https-module.local.php or config/autoload/expressive-force-https-module.local.php
return [
    'force-https-module' => [
        'enable'                => true,
        'force_all_routes'      => true,
        'force_specific_routes' => [
            // only works if previous's config 'force_all_routes' => false
            'checkout',
            'payment'
        ],
        // set HTTP Strict Transport Security Header
        'strict_transport_security' => [
            // set to false to disable it
            'enable' => true,
            'value'  => 'max-age=31536000',
        ],
        // set to true to add "www." prefix during redirection from http or already https
        'add_www_prefix'        => false,
        // remove existing "www." prefix during redirection from http or already https
        // only works if previous's config 'add_www_prefix' => false
        'remove_www_prefix'     => false,
    ],
    // ...
];

3. Lastly, enable it

a. For ZF Mvc application

// config/modules.config.php or config/application.config.php
return [
    'Application'
    'ForceHttpsModule', // register here
],

b. For ZF Expressive application

For zend-expressive-skeleton ^3.0, you need to open config/pipeline.php and add:

$app->pipe(ForceHttpsModule\Middleware\ForceHttps::class);

at the very first pipeline records.

Contributing

Contributions are very welcome. Please read CONTRIBUTING.md