After having setup my first October installation successfully I'm now sneaking into the details. First thing I wanted to try: Route every backend request over SSL. In Laravel this easy: Just define a filter and execute it as a 'before' filter e.g. by calling it in a Route::group block:

//  define the filter in app/filters.php
Route::filter('forceSSL', function() {
    if(app()->env == 'production') {
        if(!Request::secure()) {
            return Redirect::secure(Request::getRequestUri());
        }
    }
});

// inject into the routing e.g. in Route::group
Route::group(['before' => 'forceSSL'], function() {
    Route::get('signup', 'UsersController@create');
    /* ... more routes ... */
});

This doesn't seem to work like this e.g. with routes defined for the backend (modules/backend/routes.php). Adding a custom filter in app/filters.php and injecting it in as a 'before' within modules/backend/routes.php doesn't have any effect:

// Register Backend routes before all user routes.
App::before(function($request) {
    Route::group(['before' => 'forceSLL', 'prefix' => Config::get('cms.backendUri', 'backend')], function() {
        Route::any('{slug}', 'Backend\Classes\BackendController@run')->where('slug', '(.*)?');
    });
    // ....
});

How can I handle rouing over SSL in October?

Thanks, Stefan

Last updated 9 years ago

OK. ... I shouldn't have called my filter with 'forceSLL' but 'forceSSL'. And... ... app/routes.php seems to be an good location to define my filters.

It's all good now (so far)

I guess I spoke too soon: filters are considered when put in app/filters.php but injecting them within the routes in e.g. modules/backend/routes.php isn't - modules are likely to be overwritten when October gets updated. Unfortunately I don't see where else I should do that...

So you want every address to be HTTPS? Why not put a simple filter in your layout?

function onStart()
{
    if (!Request::secure()) {
        return Redirect::to(preg_replace(
            "/^http:/i",
            "https:",
            $this->currentPageUrl()
        ));
    }
}

Last updated 9 years ago

not every layout but at least all backend pages. I'm far from understanding October in detail but what you're suggesting is supposed to be handled in the backend editor. I'm not concerned about the pages on the frontend. I don't see how I could edit the layout of the backend (and I don't really want to).

Maybe writing a plugin would be the way to go...

@daftspunk... that would just do frontend stuff wouldn't it? That wouldn't do backend stuff.

I did:

function onStart()
{
    if( ! Request::secure() && getenv('CMS_ENV') == 'production')
    {
        return Redirect::secure(Request::path());
    }
}

...it seems more laravel like..

BUT this does nothing for backend urls.

EDIT. The above gives me a redirect loop... BUT I'm behind a proxy... so maybe my issue is with that. Going to test out something like: https://github.com/fideloper/TrustedProxy

Last updated 9 years ago

Alright... figured it out. See: http://octobercms.com/forum/post/forcing-ssl?page=1#post-3174

that0n3guy said:

Alright... figured it out. See: http://octobercms.com/forum/post/forcing-ssl?page=1#post-3174

Where do I find app/filters.php ? I don't see it anywhere... NVM, this worked for me: https://octobercms.com/forum/post/octobercms-with-https-ssl?page=1#post-12449

Last updated 8 years ago