Name: https
Owner: Middlewares
Description: PSR-15 middleware to redirect to https and adds the Strict-Transport-Security header
Created: 2016-10-08 08:53:45.0
Updated: 2018-05-02 20:02:40.0
Pushed: 2018-03-11 11:32:55.0
Homepage: null
Size: 27
Language: PHP
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Middleware to redirect to https
if the request is http
and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking.
This package is installable and autoloadable via Composer as middlewares/https.
oser require middlewares/https
patcher = new Dispatcher([
(new Middlewares\Https())
->includeSubdomains()
ponse = $dispatcher->dispatch(new ServerRequest());
maxAge(int $maxAge)
max-age
directive for the Strict-Transport-Security
header. By default is 31536000
(1 year).
includeSubdomains(bool $includeSubdomains = true)
Set true
to add the includeSubDomains
directive to the Strict-Transport-Security
header (false
by default)
preload(bool $preload = true)
Set true
to add the preload
directive to the Strict-Transport-Security
header (false
by default)
checkHttpsForward(bool $checkHttpsForward = true)
If it's true
and the request contains the headers X-Forwarded-Proto: https
or X-Forwarded-Port: 443
, no redirection is returned. This prevent problems with Https load balancer.
redirect(bool $redirect = true)
Enabled (true
) or disable (false
) redirecting all together.
Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.
The MIT License (MIT). Please see LICENSE for more information.