Force Canonical to use HTTPS

Question

I want my customer section to be https, e.g. registration, login, personal details, order details, etc. I have set up my route to include the https scheme (I can access the customer section via https) but I cannot force my links to use https:

<a class="register" href="<?php echo $this->url('customer/default', array('controller' => 'registration', 'action' => 'index'), array('scheme' => 'https', 'force_canonical' => true,)); ?>">Register</a>

What I get: http://myproject.dev/customer/registration

What I want: https://myproject.dev/customer/registration

It appears to be using the current scheme - so if I'm on http then the url is http, if I'm on https then the url is https.

How do I force $this->url to use the https scheme all the time?

'router' => array(
  'routes' => array(
    'customer' => array(
      'type' => 'Zend\Mvc\Router\Http\Literal',
      'options' => array(
        'route' => '/customer',
        'scheme' => 'https',
        'defaults' => array(
          '__NAMESPACE__' => 'Customer\Controller',
          'https' => true,
          'controller' => 'Index',
          'action' => 'index',
        ),
      ),
      'child_routes' => array(
        'default' => array(
          'type' => 'Segment',
          'options' => array(
            'route' => '/[:controller[/:action]]',
            'scheme' => 'https',
            'constraints' => array(
              'controller' => '[a-zA-Z][a-zA-Z0-9_-]*',
              'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
            ),
            'defaults' => array(
            ),
          ),
        ),
      ),
    ),
  ),
),

[edit]

myproject.dev is my local machine where I've changed my hosts a vhosts file. I have set up my vhosts file to accept ssl and that's not the issue.

I've changed the route type to Zend\Mvc\Router\Http\Scheme and added the scheme option but that generates the following url: https://myproject.dev:80/registration which generates an SSL connection error as it's trying to connect to port 80!

When I change the child_routes type to scheme the url generated is: https://myproject.dev:80/customer

[edit]

As a stop-gap solution I am doing a htaccess redirect if the user is trying to access the customer section on a non-secure scheme:

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/customer/?.*$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

I do not like this approach as it should not be necessary!

[edit]

While I want my customer section to be https, I do not want the rest of the site to be.

Answer 1

use Zend\Uri\UriFactory;

add the following code on top of your action or make a method inside a plugin.

$uri = $this->getRequest()->getUri();
        $uri = (string) $uri;
        $url = UriFactory::factory($uri);
        $http = 'http';
        $http_current = $url->getScheme();
        if($http == $http_current){
            $url->setScheme('https');
            return $this->redirect()->toUrl($url);
        }

Answer 2

Can you please add this 2 lines in your .htaccess file.

<IfModule mod_rewrite.c>
      RewriteEngine on
      RewriteCond %{HTTP_HOST} !^myproject\.
      RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

It will run on https protocol.