tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #9333 from creative-commoners/pulls/4/canonicalurlmiddleware-docs

Browse Source 
DOCS Add note about applying forceSSL to non-live environments
This commit is contained in:
Loz Calver 2019-11-25 11:37:30 +00:00 committed by GitHub
commit f4713d95f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
View File

@ -716,6 +716,19 @@ if (!Director::isDev()) {
} }
``` ```
`forceSSL()` will only take effect in environment types that `CanonicalURLMiddleware` is configured to apply to (by
default, only `LIVE`). To apply this behaviour in all environment types, you'll need to update that configuration:
```php
use SilverStripe\Control\Director;
use SilverStripe\Control\Middleware\CanonicalURLMiddleware;
if (!Director::isDev()) {
CanonicalURLMiddleware::singleton()->setEnabledEnvs(true); // You can also specify individual environment types
Director::forceSSL();
}
```
Forcing HTTPS so requires a certificate to be purchased or obtained through a vendor such as Forcing HTTPS so requires a certificate to be purchased or obtained through a vendor such as
[lets encrypt](https://letsencrypt.org/) and configured on your web server. [lets encrypt](https://letsencrypt.org/) and configured on your web server.