jueves, 26 de octubre de 2017

Redirect http to https on PHP with Heroku using .htaccess

There is one thing that you need to understand with SSL and Heroku. The SSL connection is actually terminated before the request reaches your app, it is done heroku routing layer and all requests are sent to your app using plain HTTP.

To know if a request was made using HTTPS you need to check the X-Forwarded-Proto HTTP header for its value. "https" means it used SSL, "http" means it didn't. You should then perform the URL rewrite based on this. This is an example of how you can do this using the .htaccess file.

##Force SSL

#Normal way (in case you need to deploy to NON-heroku)
RewriteCond %{HTTPS} !=on

#Heroku way
RewriteCond %{HTTP:X-Forwarded-Proto} !https

#If neither above conditions are met, redirect to https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The secret sauce is the line with HTTP:X-Forwarded-Proto.