Name: https
Owner: Middlewares
Description: PSR-15 middleware to redirect to https and adds the Strict-Transport-Security header
Created: 2016-10-08 08:53:45.0
Updated: 2018-05-02 20:02:40.0
Pushed: 2018-03-11 11:32:55.0
Homepage: null
Size: 27
Language: PHP
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
Middleware to redirect to https if the request is http and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking.
This package is installable and autoloadable via Composer as middlewares/https.
oser require middlewares/https
patcher = new Dispatcher([
(new Middlewares\Https())
->includeSubdomains()
ponse = $dispatcher->dispatch(new ServerRequest());
maxAge(int $maxAge)max-age directive for the Strict-Transport-Security header. By default is 31536000 (1 year).
includeSubdomains(bool $includeSubdomains = true)Set true to add the includeSubDomains directive to the Strict-Transport-Security header (false by default)
preload(bool $preload = true)Set true to add the preload directive to the Strict-Transport-Security header (false by default)
checkHttpsForward(bool $checkHttpsForward = true)If it's true and the request contains the headers X-Forwarded-Proto: https or X-Forwarded-Port: 443, no redirection is returned. This prevent problems with Https load balancer.
redirect(bool $redirect = true)Enabled (true) or disable (false) redirecting all together.
Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.
The MIT License (MIT). Please see LICENSE for more information.