CakePHP 3 – Force all actions to require SSL

Let’s see how we can force all actions to require SSL and how to tell cakePHP to redirect to the ssl version of our application.

We are going to edit src/Controller/AppController class.

Add use directive:

use CakeEventEvent;

Create function beforeFilter:

public function beforeFilter(Event $event) 
{
    parent::beforeFilter($event); 
    $this->Security->requireSecure();
}

Edit initialize function:

public function initialize()
{
    parent::initialize();
    $this->loadComponent('Security', ['blackHoleCallback' => 'forceSSL']);
}

Create function forceSSL:

public function forceSSL()
{
    return $this->redirect('https://' . env('SERVER_NAME') . $this->request->here);
}

All controllers that extend AppController class will be forced to use SSL. CakePHP will take care to redirect the user to the SSL-secured version of the request.

You can find more information here.

Categories: CakePHP, PHP Tags: , , ,
%d bloggers like this: