Secure connection (https) handling extension for Yii2
This extension provides tools for handling secure (https) connections.
For license information check the LICENSE-file.
Installation
The preferred way to install this extension is through composer.

Either run

    php composer.phar require --prefer-dist yii2tech/https

or add

    "yii2tech/https": "*"

to the require section of your composer.json.
Usage
Filter [[\yii2tech\https\SecureConnectionFilter]] allows automatic redirection from the 'http' to the 'https' protocol,
depending on which one is required by a particular action. Separation of actions into those requiring the secure protocol
and those requiring the unsecure protocol can be set up via the 'secureOnly' and 'secureExcept' properties.
Being a descendant of [[yii\base\ActionFilter]], [[\yii2tech\https\SecureConnectionFilter]] can be set up both at the
controller level and at the module (application) level.
Application configuration example:

    return [
        'as https' => [
            'class' => 'yii2tech\https\SecureConnectionFilter',
            'secureOnly' => [
                'site/login',
                'site/signup',
            ],
        ],
        // ...
    ];

Controller configuration example:

    use yii\web\Controller;
    use yii2tech\https\SecureConnectionFilter;

    class SiteController extends Controller
    {
        public function behaviors()
        {
            return [
                'https' => [
                    'class' => SecureConnectionFilter::className(),
                    'secureOnly' => [
                        'login',
                        'signup',
                    ],
                ],
            ];
        }

        // ...
    }

Heads up! Do not forget about the 'only' and 'except' properties of the filter. Keep in mind that 'secureOnly'
and 'secureExcept' cannot affect actions that are excluded from filtering via 'only' and 'except'.
You may use this to exclude some actions from secure connection processing.
Heads up! Be aware of forms that may appear on one protocol but require submission to the other.
The request body cannot be transferred during a redirect, so the submitted data will be lost. You'll have to set up
the form action manually with the correct scheme, instead of relying on the filter.
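
The manual form action described above, as an added example that is not part of the extension's own documentation: a login view that always posts to the https URL, so the credentials never travel to an http endpoint only to be dropped by the redirect. The view path, the 'site/login' route and the `$model` attributes are assumptions.

```php
<?php
// views/site/login.php (hypothetical view path; added example, not project code).
// Assumes $model is a login form model with `username` and `password`
// attributes and that the login action is reachable as the route `site/login`.

use yii\helpers\Html;
use yii\helpers\Url;
use yii\widgets\ActiveForm;

/* @var $this yii\web\View */
/* @var $model yii\base\Model */

// Url::to() with a scheme as its second argument returns an absolute URL
// using that scheme, whatever protocol the current page was served over.
// The browser therefore submits straight to https and the filter has
// nothing to redirect.
$form = ActiveForm::begin([
    'id' => 'login-form',
    'action' => Url::to(['site/login'], 'https'),
    'method' => 'post',
]);
?>
    <?= $form->field($model, 'username')->textInput(['autofocus' => true]) ?>
    <?= $form->field($model, 'password')->passwordInput() ?>
    <?= Html::submitButton('Login', ['class' => 'btn btn-primary']) ?>
<?php ActiveForm::end(); ?>
```
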
Automatic URL creation
Using a simple redirect from one protocol to another is not efficient and carries a risk of losing data submitted via
a web form. Thus it is better to explicitly specify URLs with the correct protocol in your views.
You may simplify this process using the [[\yii2tech\https\SecureUrlRuleFilter]] action filter. Once applied, it adjusts
[[\yii\web\UrlManager::rules]] so that the [[\yii\web\UrlManager::createUrl()]] method automatically creates an
absolute URL with the correct protocol whenever it does not match the current one.
Application configuration example:

    return [
        'as secureUrlRules' => [
            'class' => 'yii2tech\https\SecureUrlRuleFilter',
            'secureOnlyRoutes' => [
                'auth/login',
                'site/signup',
            ],
            'secureExceptRoutes' => [
                'site/index',
                'help/<action>',
            ],
        ],
        'components' => [
            'urlManager' => [
                'enablePrettyUrl' => true,
                'showScriptName' => false,
                'rules' => [
                    '/' => 'site/index',
                    'login' => 'auth/login',
                    'signup' => 'site/signup',
                    '<action:contact|faq>' => 'help/<action>',
                ]
            ],
        ],
        // ...
    ];

Now [[\yii\web\UrlManager::createUrl()]] will create URLs with the correct protocol without extra effort:

    if (Yii::$app->request->isSecureConnection) {
        echo Yii::$app->urlManager->createUrl(['site/index']); // outputs: 'http://domain.com/'
        echo Yii::$app->urlManager->createUrl(['auth/login']); // outputs: '/login'
    } else {
        echo Yii::$app->urlManager->createUrl(['site/index']); // outputs: '/'
        echo Yii::$app->urlManager->createUrl(['auth/login']); // outputs: 'https://domain.com/login'
    }

Note: the [[\yii2tech\https\SecureUrlRuleFilter]] filter will take effect only if
[[\yii\web\UrlManager::enablePrettyUrl]] is enabled.
Heads up! Once applied, the [[\yii2tech\https\SecureUrlRuleFilter]] filter changes the state of the related
[[\yii\web\UrlManager]] instance, which may cause unexpected side effects. For example, this may
break features such as URL parsing.
A more reliable way to create URLs automatically is to use [[\yii2tech\https\SecureConnectionUrlManagerTrait]].
When used with a descendant of [[\yii\web\UrlManager]], it adjusts the createUrl() method so that it behaves
exactly as in the example above.
Trait usage example:

    namespace app\components\web;

    use yii2tech\https\SecureConnectionUrlManagerTrait;

    class MyUrlManager extends \yii\web\UrlManager
    {
        use SecureConnectionUrlManagerTrait;
    }

Application configuration example:

    return [
        'components' => [
            'urlManager' => [
                'class' => 'app\components\web\MyUrlManager',
                'enablePrettyUrl' => true,
                'showScriptName' => false,
                'rules' => [
                    '/' => 'site/index',
                    'login' => 'auth/login',
                    'signup' => 'site/signup',
                    '<action:contact|faq>' => 'help/<action>',
                ],
                'secureOnlyRoutes' => [
                    'site/signup',
                    'auth/*',
                ],
                'secureExceptRoutes' => [
                    'site/index',
                    'help/*',
                ],
            ],
        ],
        // ...
    ];

If you do not use a custom URL manager in your project, you can use [[\yii2tech\https\UrlManager]], which already
has [[\yii2tech\https\SecureConnectionUrlManagerTrait]] applied.
Note: using [[\yii2tech\https\SecureConnectionUrlManagerTrait]] is more reliable than [[\yii2tech\https\SecureUrlRuleFilter]],
but it may consume more computing resources in some cases. Still, it is recommended to use the trait instead of the filter.
Note: [[\yii2tech\https\SecureConnectionUrlManagerTrait]] and [[\yii2tech\https\SecureUrlRuleFilter]] process routes
in different ways: the filter uses those defined by URL rules, while the trait operates on the exact route names as they
are passed to the createUrl() method.