How do I set up so that yii2 application only accept https requests only, http request should not allow ?
How do I set up so that yii2 application only accept https requests only, http request should not allow ?
any ideas ?
# Redirect http to https
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Jac, just to let you know - I just sent you a message. I hope it reaches you.
Ideally it should be enforced by your server, but if you need it on an application level, you could write your own component:
<?php
namespace app\components;
use Yii;
use yii\base\Component;
/**
* Class SSLComponent
* @package app\components
*/
class SSLComponent extends Component
{
public function init()
{
parent::init();
// If in production mode and the URL is not secure, redirect
if (!Yii::$app->request->isSecureConnection) {
$url = 'https://' . $_SERVER['HTTP_HOST'] . Yii::$app->request->url;
Yii::$app->response->redirect($url);
Yii::$app->end();
}
}
}
And then have something like the following in your config:
return [
'bootstrap' => ['ssl'],
'components' => [
'ssl' => [
'class' => 'app\components\SSLComponent',
],
],
];