Enforces use of HTTPS (SSL) for requests.
array<string, mixed>
Configuration.
Constructor
Adds Strict-Transport-Security header to response.
Check whether request has been made using HTTPS.
__construct(array<string, mixed> $config = [])
Constructor
array<string, mixed>
$config optional The options to use.
addHsts(Psr\Http\Message\ResponseInterface $response): Psr\Http\Message\ResponseInterface
Adds Strict-Transport-Security header to response.
Psr\Http\Message\ResponseInterface
$response Response
Psr\Http\Message\ResponseInterface
process(ServerRequestInterface $request, RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterface
Check whether request has been made using HTTPS.
Depending on the configuration and request method, either redirects to same URL with https or throws an exception.
ServerRequestInterface
$request The request.
RequestHandlerInterface
$handler The request handler.
Psr\Http\Message\ResponseInterface
Cake\Http\Exception\BadRequestException
Configuration.
redirect
- If set to true (default) redirects GET requests to same URL with https.
statusCode
- Status code to use in case of redirect, defaults to 301 - Permanent redirect.
headers
- Array of response headers in case of redirect.
disableOnDebug
- Whether HTTPS check should be disabled when debug is on. Default true
.
'hsts' - Strict-Transport-Security header for HTTPS response configuration. Defaults to null
. If enabled, an array of config options:
'maxAge' - max-age
directive value in seconds.
includeSubDomains
directive. Defaults to false
.false
.array<string, mixed>
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Http.Middleware.HttpsEnforcerMiddleware.html