Forcing Laravel generated URLs to https:

Deployment Routing

Committed to the LaraBrain by: harrisoftware at October 24, 2015 5:58 pm

If you are developing on OSX El Capitan, apache has been configured to use ReverseProxy. This causes $request->secure() to always return false.

The solution for laravel 4.2 is to add

URL::forceSchema("https");

to your filters.php before() function.

For laravel 5 I used a middleware solution:

<?php namespace toolbox5\Http\Middleware;

use Closure;
use Illuminate\Contracts\Routing\Middleware;

/**
 * Secure
 * Redirects any non-secure requests to their secure counterparts.
 *
 * @param request The request object.
 * @param $next The next closure.
 * @return redirects to the secure counterpart of the requested uri.
*/
class Secure implements Middleware
{

public function handle($request, Closure $next)
{
    if (($request->server('HTTP_X_FORWARDED_PROTO') != 'https') && 
                 !app()->environment('production')) {
                     // production is not currently secure
            return redirect()->secure($request->getRequestUri());
    }

    return $next($request);
}

}

NB: my dev environment is SSL but the production server is not which is why I use !app()->environment('production') which forces HTTPS on my dev URLs. Edit yours as required.