【AWS https php laravel】為 laravel 5.3 網站加入 https 憑證 - (2) 替你的laravel 5.3 網站全站 https

動機

---

讓全站https加密

---

動手做

---

首先在你需要https的地方宣告必須使用https
就先拿login頁面開刀吧

[root@ip-10-128-110-42 sign]# pwd
/var/www/html/giveradm/resources/views/sign

加上一個meta

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

接著建立一個 middleware

php artisan make:middleware AddHeaders.php

[root@ip-10-128-110-42 Middleware]# ll /var/www/html/giveradm/app/Http/Middleware/AddHeaders.php 
-rw-r--r-- 1 nobody nobody 616 Jan 27 21:04 /var/www/html/giveradm/app/Http/Middleware/AddHeaders.php

內容是替所有的https加入允許跨站的部分

<?php

namespace App\Http\Middleware;

use Closure;

class AddHeaders
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $response = $next($request);
        $response->header('Access-Control-Allow-Origin', env('APP_URL'));
        $response->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
        $response->header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept');
        return $response;
    }
}

然後在middleware進入點宣告，這邊讓所有有吃web middleware的都去讀他。

[root@ip-10-128-110-42 Middleware]# vim /var/www/html/giveradm/app/Http/Kernel.php
    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \App\Http\Middleware\AddHeaders::class,
        ],

---

驗證

---

直接打開網站看看吧！