[英]Laravel Force HTTPS redirected you too many times
i am trying to force every route to use HTTPS instead of HTTP 我试图强迫每条路由使用HTTPS而不是HTTP
This is how i did it. 这就是我做到的。 I created middleware ForceHttps
我创建了中间件ForceHttps
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\App;
class ForceHttps
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->secure() && App::environment() === 'production'{
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
}
And i have applied this middleware to every web route 而且我已经将此中间件应用于每个网络路线
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\ForceHttps::class, // <----
],
'api' => [
'throttle:60,1',
'bindings',
],
];
When i try to access my page it says: This page isn't working testpage.herokuapp.com redirected you too many times. 当我尝试访问我的页面时,它说:该页面无法正常工作testpage.herokuapp.com重定向了您太多次。
I am using heroku to host my webpage 我正在使用heroku托管我的网页
This is not just your middleware. 这不仅仅是您的中间件。 Heroku uses load balancing to better distribute the workloads.
Heroku使用负载平衡来更好地分配工作负载。
Furthermore from the Heroku documentation: 此外,来自Heroku文档:
Heroku's HTTP Routing routes each request through a layer of reverse proxies which are, among other things, responsible for load balancing and terminating SSL connections.
Heroku的HTTP路由通过反向代理层路由每个请求,反向代理负责负载平衡和终止SSL连接。 This means that requests received by a dyno will have the last router's IP address in the REMOTE_ADDR environment variable, and the internal request will always be made using the HTTP protocol, even if the original request was made over HTTPS.
这意味着,dyno接收到的请求将具有REMOTE_ADDR环境变量中的最后一个路由器的IP地址,即使原始请求是通过HTTPS进行的,内部请求也将始终使用HTTP协议进行。
If you are using fideloper/proxy
(if not you should), configure the TrustProxies
middleware like so: 如果您正在使用
fideloper/proxy
(如果不是你应该),配置TrustProxies
中间件就像这样:
<?php
namespace Api\Http\Middleware;
use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;
class TrustProxies extends Middleware
{
/**
* The trusted proxies for this application.
*
* @var array
*/
protected $proxies = '*';
/**
* The current proxy header mappings.
*
* @var array
*/
protected $headers = Request:: HEADER_X_FORWARDED_AWS_ELB;
}
FYI I am running an API written with Laravel on Heroku and here is the middleware
property of my Kernel.php
: 仅供参考,我正在Heroku上运行用Laravel编写的API,这是我的
Kernel.php
的middleware
属性:
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Api\Http\Middleware\TrustProxies::class,
\Api\Http\Middleware\RedirectToHttps::class,
\Api\Http\Middleware\PreflightCors::class,
\Api\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class
];
You should really read these paragraphs, which explain in full what I briefly described above: 您应该真正阅读这些段落,它们完整地解释了我上面简要描述的内容:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.