
I am trying to force my Heroku web app to use the automatic certificate offered from Heroku. I need to force all my links to use https. So I added lines:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

To the htaccess file, but now I get the error "This page isn’t working, too many redirects". What do I put in my htaccess file to force https? Everyone online I’ve found uses this, but if I delete my other rules my website does not load.

<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
    Options -MultiViews -Indexes
</IfModule>

RewriteEngine On

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>

2 Answers


  1. Chosen as BEST ANSWER

    Figured it out. In Laravel under AppServiceProvider.php, you can put this in the boot() function to force https on your Laravel app.

    Hope this helps anyone!

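    // Needs "use Illuminate\Support\Facades\URL;" at the top of AppServiceProvider.php.

    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        // Only force the https scheme in the production environment.
        if ($this->app->environment('production')) {
            URL::forceScheme('https');
        }
    }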
    

  2. Everyone online I’ve found uses this

    Is that "everyone" using Heroku?

    I believe Heroku uses a reverse proxy to manage the SSL certificate, so you can’t use the Apache HTTPS server variable, since your application is actually communicating over plain HTTP to the proxy.

    Try the following instead:

    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    

    The reverse proxy sets the X-Forwarded-Proto HTTP request header, informing the application of the type of request that the client made to the proxy.

    You will need to clear your browser cache before testing.

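Why the `%{HTTPS}` rule loops behind a TLS-terminating proxy while the `X-Forwarded-Proto` rule stops after one redirect, as an added Python model that is not part of the original question or answers. The proxy behaviour (plain HTTP to the backend, client scheme passed in `X-Forwarded-Proto`) follows the second answer's description; the function names and rule labels are hypothetical.

```python
# Added example: a constructed model, not Heroku or Apache code.
# Rule labels "https_var" and "forwarded_proto" are hypothetical names for the
# two RewriteCond variants discussed on this page.

def backend_redirects(rule, headers, backend_https):
    """Return True if the .htaccess rule would answer with a 301 to https://."""
    if rule == "https_var":
        # RewriteCond %{HTTPS} !=on  -> looks at the proxy-to-backend hop
        return not backend_https
    if rule == "forwarded_proto":
        # RewriteCond %{HTTP:X-Forwarded-Proto} =http  -> looks at the client hop
        return headers.get("X-Forwarded-Proto") == "http"
    raise ValueError("unknown rule: " + rule)


def follow(rule, client_scheme="http", max_redirects=10):
    """Follow redirects like a browser.

    Returns (redirects_followed, final_scheme); final_scheme is None when the
    redirect limit is exceeded ("too many redirects").
    """
    scheme, redirects = client_scheme, 0
    while redirects <= max_redirects:
        # The proxy terminates TLS, records the client's scheme in a header,
        # and always speaks plain HTTP to the backend.
        headers = {"X-Forwarded-Proto": scheme}
        backend_https = False
        if not backend_redirects(rule, headers, backend_https):
            return redirects, scheme
        scheme = "https"  # the client follows the 301 to the https:// URL
        redirects += 1
    return redirects, None


if __name__ == "__main__":
    for rule in ("https_var", "forwarded_proto"):
        for start in ("http", "https"):
            print(rule, start, follow(rule, start))
```

The `https_var` rule never sees `HTTPS=on` because the backend hop is always plain HTTP, so every request, including the already-secure one, is redirected again.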