Laravel force SSL gives 'This webpage has a redirect loop'

Question

I'm using Laravel 4.1, and want to force SSL site wide. My app is deployed on Heroku. Added this to either App::before or as a filter:

if( ! Request::secure())
{
    return Redirect::secure(Request::path());
}

But that gives me 'This webpage has a redirect loop' message. If I access some page by typing in https:// by hand, it serves that page correctly; but any link or form action is pointed to http://, which I don't want.

Also, I tried to add https parameter to some route, e.g.:

Route::get('about', ['https', function()
{
    // do something
}]);

but this returns 404 :(

Can someone help me out?

Answer 1

I faced the same issue and finally found the solution by using :

App::before(function($request)
{
    if( (Request::header('x-forwarded-proto') <> 'https') && !App::environment('local',     'staging')) {
        return Redirect::secure(Request::getRequestUri());
    }
});

It was due to Heroku passing this information in a different variable than the one used by default by Laravel.

And if you are interested in getting the right environment detection, this is what I used with Laravel and Heroku :

$env = $app->detectEnvironment(function() {
    if (getenv('LARAVEL_ENV')) {
        return getenv('LARAVEL_ENV');
    } else {
        return 'local'; // Default
    }
});

You will need to set a "LARAVEL_ENV" environment variable in your different servers with local, staging or production.

With the two, only HTTPS traffic is forced on the production environment.