Force Canonical to use HTTPS

Question

I want my customer section to be https, e.g. registration, login, personal details, order details, etc. I have set up my route to include the https scheme (I can access the customer section via https) but I cannot force my links to use https:

<a class="register" href="<?php echo $this->url('customer/default', array('controller' => 'registration', 'action' => 'index'), array('scheme' => 'https', 'force_canonical' => true,)); ?>">Register</a>

What I get: http://myproject.dev/customer/registration

What I want: https://myproject.dev/customer/registration

It appears to be using the current scheme - so if I'm on http then the url is http, if I'm on https then the url is https.

How do I force $this->url to use the https scheme all the time?

'router' => array(
  'routes' => array(
    'customer' => array(
      'type' => 'Zend\Mvc\Router\Http\Literal',
      'options' => array(
        'route' => '/customer',
        'scheme' => 'https',
        'defaults' => array(
          '__NAMESPACE__' => 'Customer\Controller',
          'https' => true,
          'controller' => 'Index',
          'action' => 'index',
        ),
      ),
      'child_routes' => array(
        'default' => array(
          'type' => 'Segment',
          'options' => array(
            'route' => '/[:controller[/:action]]',
            'scheme' => 'https',
            'constraints' => array(
              'controller' => '[a-zA-Z][a-zA-Z0-9_-]*',
              'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
            ),
            'defaults' => array(
            ),
          ),
        ),
      ),
    ),
  ),
),

[edit]

myproject.dev is my local machine where I've changed my hosts a vhosts file. I have set up my vhosts file to accept ssl and that's not the issue.

I've changed the route type to Zend\Mvc\Router\Http\Scheme and added the scheme option but that generates the following url: https://myproject.dev:80/registration which generates an SSL connection error as it's trying to connect to port 80!

When I change the child_routes type to scheme the url generated is: https://myproject.dev:80/customer

[edit]

As a stop-gap solution I am doing a htaccess redirect if the user is trying to access the customer section on a non-secure scheme:

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/customer/?.*$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

I do not like this approach as it should not be necessary!

[edit]

While I want my customer section to be https, I do not want the rest of the site to be.

Answer 1

use Zend\Uri\UriFactory;

add the following code on top of your action or make a method inside a plugin.

$uri = $this->getRequest()->getUri();
        $uri = (string) $uri;
        $url = UriFactory::factory($uri);
        $http = 'http';
        $http_current = $url->getScheme();
        if($http == $http_current){
            $url->setScheme('https');
            return $this->redirect()->toUrl($url);
        }

Answer 2

Can you please add this 2 lines in your .htaccess file.

<IfModule mod_rewrite.c>
      RewriteEngine on
      RewriteCond %{HTTP_HOST} !^myproject\.
      RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

It will run on https protocol.

Answer 3

i believe, such automatic redirection should be done on HTTP-daemon level for all URL's starting with /customer. all popular HTTP-servers like Apache, Nginx, or Lighttpd allow such configs. it's not good to bother business logic about network security, imo.

Answer 4

Use a combination of the ServerUrl and URL view helpers to construct your URL's, EG:

<?php
$this->getHelper('ServerUrl')->setScheme('https')
?>
<a href="<?php echo $this->serverUrl($this->url('customer/default', array('controller' => 'registration', 'action' => 'index'), array('force_canonical' => true,))); ?>">Link Caption</a>

This will force the link to be fully qualified instead of relative and will force the scheme to be https without causing issues with the port being specified wrong.