You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Middleware to redirect to https if the request is http and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking.
This middleware accept a Psr\Http\Message\ResponseFactoryInterface as a constructor argument, to create the redirect responses. If it's not defined, Middleware\Utils\Factory will be used to detect it automatically.
$responseFactory = newMyOwnResponseFactory();
//Detect the response factory automatically$https = newMiddlewares\Https();
//Use a specific factory$htts = newMiddlewares\Https($responseFactory);
maxAge
This option allow to define the value of max-age directive for the Strict-Transport-Security header. By default is 31536000 (1 year).
By default, the preload directive is not included in the Strict-Transport-Security header. Use this function to change this behavior.
$https = (newMiddlewares\Https())->preload();
checkHttpsForward
Enabling this option ignore requests containing the header X-Forwarded-Proto: https or X-Forwarded-Port: 443. This is specially useful if the site is behind a https load balancer.
