Added headers Middleware
This commit is contained in:
parent
708b60ee5b
commit
6be7a3e012
|
@ -21,6 +21,7 @@ class Kernel extends HttpKernel
|
||||||
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
||||||
\App\Http\Middleware\TrimStrings::class,
|
\App\Http\Middleware\TrimStrings::class,
|
||||||
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
|
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
|
||||||
|
\App\Http\Middleware\Headers::class,
|
||||||
];
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Http\Middleware;
|
||||||
|
|
||||||
|
use Closure;
|
||||||
|
use Illuminate\Http\Request;
|
||||||
|
|
||||||
|
class Headers
|
||||||
|
{
|
||||||
|
public function handle(Request $request, Closure $next)
|
||||||
|
{
|
||||||
|
// Check if FORCE_HTTPS is set to true
|
||||||
|
if (env('FORCE_HTTPS') == 'true') {
|
||||||
|
\URL::forceScheme('https'); // Force HTTPS
|
||||||
|
header("Content-Security-Policy: upgrade-insecure-requests");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if FORCE_ROUTE_HTTPS is set to true
|
||||||
|
if (env('FORCE_ROUTE_HTTPS') == 'true' && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off')) {
|
||||||
|
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
||||||
|
header("Location: $redirect_url");
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
return $next($request);
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,13 +1 @@
|
||||||
@if(env('FORCE_HTTPS') == 'true')<?php URL::forceScheme('https'); header("Content-Security-Policy: upgrade-insecure-requests"); ?>@endif
|
|
||||||
<html lang="{{ config('app.locale') }}">
|
<html lang="{{ config('app.locale') }}">
|
||||||
|
|
||||||
{{-- Redirects to https if enabled in the advanced-config --}}
|
|
||||||
@if(env('FORCE_ROUTE_HTTPS') == 'true')
|
|
||||||
@php
|
|
||||||
if (! isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off' ) {
|
|
||||||
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
|
||||||
header("Location: $redirect_url");
|
|
||||||
exit();
|
|
||||||
}
|
|
||||||
@endphp
|
|
||||||
@endif
|
|
||||||
|
|
Loading…
Reference in New Issue