Docs4dev
Docs
cakephp / 4.4 / class-cake.http.middleware.httpsenforcermiddleware.html

Class HttpsEnforcerMiddleware

Enforces use of HTTPS (SSL) for requests.

Namespace: Cake\Http\Middleware

Property Summary

  • $config protected
    array<string, mixed>

    Configuration.

Method Summary

  • __construct() public

    Constructor

  • addHsts() protected

    Adds Strict-Transport-Security header to response.

  • process() public

    Check whether request has been made using HTTPS.

Method Detail

__construct() public

__construct(array<string, mixed> $config = [])

Constructor

Parameters

array<string, mixed> $config optional

The options to use.

See Also

\Cake\Http\Middleware\HttpsEnforcerMiddleware::$config

addHsts() protected

addHsts(Psr\Http\Message\ResponseInterface $response): Psr\Http\Message\ResponseInterface

Adds Strict-Transport-Security header to response.

Parameters

Psr\Http\Message\ResponseInterface $response

Response

Returns

Psr\Http\Message\ResponseInterface

process() public

process(ServerRequestInterface $request, RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterface

Check whether request has been made using HTTPS.

Depending on the configuration and request method, either redirects to same URL with https or throws an exception.

Parameters

ServerRequestInterface $request

The request.

RequestHandlerInterface $handler

The request handler.

Returns

Psr\Http\Message\ResponseInterface

Throws

Cake\Http\Exception\BadRequestException

Property Detail

$config protected

Configuration.

Options

  • redirect - If set to true (default) redirects GET requests to same URL with https.

  • statusCode - Status code to use in case of redirect, defaults to 301 - Permanent redirect.

  • headers - Array of response headers in case of redirect.

  • disableOnDebug - Whether HTTPS check should be disabled when debug is on. Default true.

  • 'hsts' - Strict-Transport-Security header for HTTPS response configuration. Defaults to null. If enabled, an array of config options:

  • 'maxAge' - max-age directive value in seconds.

    • 'includeSubDomains' - Whether to include includeSubDomains directive. Defaults to false.
    • 'preload' - Whether to include 'preload' directive. Defauls to false.

Type

array<string, mixed>

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Http.Middleware.HttpsEnforcerMiddleware.html