Coder Social home page Coder Social logo

https's Introduction

middlewares/https

Latest Version on Packagist Software License Testing Total Downloads

Middleware to redirect to https if the request is http and add the Strict Transport Security header to protect against protocol downgrade attacks and cookie hijacking.

Requirements

Installation

This package is installable and autoloadable via Composer as middlewares/https.

composer require middlewares/https

Example

$dispatcher = new Dispatcher([
	(new Middlewares\Https())
		->includeSubdomains()
]);

$response = $dispatcher->dispatch(new ServerRequest());

Usage

This middleware accept a Psr\Http\Message\ResponseFactoryInterface as a constructor argument, to create the redirect responses. If it's not defined, Middleware\Utils\Factory will be used to detect it automatically.

$responseFactory = new MyOwnResponseFactory();

//Detect the response factory automatically
$https = new Middlewares\Https();

//Use a specific factory
$htts = new Middlewares\Https($responseFactory);

maxAge

This option allow to define the value of max-age directive for the Strict-Transport-Security header. By default is 31536000 (1 year).

$threeYears = 31536000 * 3;

$https = (new Middlewares\Https())->maxAge($threeYears);

includeSubdomains

By default, the includeSubDomains directive is not included in the Strict-Transport-Security header. Use this function to change this behavior.

$https = (new Middlewares\Https())->includeSubdomains();

preload

By default, the preload directive is not included in the Strict-Transport-Security header. Use this function to change this behavior.

$https = (new Middlewares\Https())->preload();

checkHttpsForward

Enabling this option ignore requests containing the header X-Forwarded-Proto: https or X-Forwarded-Port: 443. This is specially useful if the site is behind a https load balancer.

$https = (new Middlewares\Https())->checkHttpsForward();

redirect

This option returns a redirection response from http to https. It's enabled by default.

//Disable redirections
$https = (new Middlewares\Https())->redirect(false);

Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.

The MIT License (MIT). Please see LICENSE for more information.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.