Laravel Redirect All Requests To HTTPS-open source projects laravel/laravel

Pedro Henrique A. Oliveira

I don’t understand about HTTP and HTTPS in detail, so I’m sorry if this answer isn’t very good.

It’s my understanding that there is an issue that even when client and (client specified) server are using HTTPS, Request::secure() can return false because your application may be running on a different server, which is possibly not receiving a https request.

I’m hosting my laravel app in heroku and it seems it does that. My guess is that the primary (client specified) server is a load balancer and when the request is forwarded, it arrives at the other server as a normal HTTP request.

When such forwarding can happen, you should not just check for Request::secure() to be true. I was instructed (by someone in #laravel @ irc.freenode.com) to also check Request::server('HTTP_X_FORWARDED_PROTO') to see if it’s equal to 'https'.

So if you intend to follow the other advice in here and perform a redirect in case of non-secure, try checking for this server parameter too.