Test that All Routes are Configred Secure

Question

Is there anyway to force Laravel to treat all your routes as HTTPs irrespective of what you've configuration in routes.php?

That is, I know I can configure a route securely withsomething like this

Route::get('/logout', array('https', 'as'=>'logout'

What I'd like is for the https to be added to all routes automatically, even if a developer does this

Route::get('/logout', array('https', 'as'=>'logout'

ensuring a secure route if a developer fails to specify a route as secure.

Failing that, (before I dig into it myself) is there a known programmatic way to get a list of all routes and check if they're secure or not?

Answer 1

You can force them by creating a before filter to check if the current request is secure or not:

App::before(function($request)
{
    if( ! Request::secure())
    {
        return Redirect::secure(Request::fullUrl());
    }
});

You also can create a filter:

Route::filter('force.ssl', function()
{
    if( ! Request::secure())
    {
        return Redirect::secure(Request::fullUrl());
    }
});

And apply to a group of routes:

Route::group(['before' => 'force.ssl', function() {

    Route::get('test', 'Controller@action');

});

You can still check them all one by one this way:

$router = App::make('router');

foreach($router->getRoutes() as $route)
{
    var_dump($route->secure());
}

Answer 2

If you are trying to make all routes secure, why not just add a permanent redirect in Apache or Nginx from HTTP to HTTPS?

Then you bypass having to deal with specifying all of that in your routes?

Otherwise if you are dead set on doing it like you are now, I believe you can do a Route::when() to check if it is secure or not.

Route::when('*', function($route, $request)
{
    if( ! $request->secure())
    {
        return Redirect::secure($request->path());
    }
}