Enforces use of HTTPS (SSL) for requests.
array<string, mixed>Configuration.
Constructor
Adds Strict-Transport-Security header to response.
Check whether request has been made using HTTPS.
__construct(array<string, mixed> $config = [])
Constructor
array<string, mixed> $config optional The options to use.
addHsts(Psr\Http\Message\ResponseInterface $response): Psr\Http\Message\ResponseInterface
Adds Strict-Transport-Security header to response.
Psr\Http\Message\ResponseInterface $response Response
Psr\Http\Message\ResponseInterfaceprocess(ServerRequestInterface $request, RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterface
Check whether request has been made using HTTPS.
Depending on the configuration and request method, either redirects to same URL with https or throws an exception.
ServerRequestInterface $request The request.
RequestHandlerInterface $handler The request handler.
Psr\Http\Message\ResponseInterfaceCake\Http\Exception\BadRequestExceptionConfiguration.
redirect - If set to true (default) redirects GET requests to same URL with https.
statusCode - Status code to use in case of redirect, defaults to 301 - Permanent redirect.
headers - Array of response headers in case of redirect.
disableOnDebug - Whether HTTPS check should be disabled when debug is on. Default true.
'hsts' - Strict-Transport-Security header for HTTPS response configuration. Defaults to null. If enabled, an array of config options:
'maxAge' - max-age directive value in seconds.
includeSubDomains directive. Defaults to false.false.array<string, mixed>
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Http.Middleware.HttpsEnforcerMiddleware.html