- What is Symfony?
- Get started
- Documentation
- Community
- Services
-
News
Latest News
What happened last week in Symfony?
This week, the new Symfony 2.3 branch was created. In addition, the first Symfony 2.3 release candidate version was published, which includes tons of great small improvements. Lastly, one of the biggest Symfony events of the year, the Symfony Live Portland 2013 conference, will take place next week.
Upcoming EventsThe Symfony Community organizes events all over the world on a regular basis. Here are the next ones.
Netherlands, Utrecht — Symfony Meetup - Netherlands/Utrecht
on May 22, 2013, from 19:00 to 22:00
France, Montpellier — eZ UnConference #2
from May 27, 2013 to May 29, 2013
Germany, München — Symfony User Group München
on June 05, 2013, from 18:30 to 22:30
Germany, Köln — Symfony User Group Cologne steht an!
on June 05, 2013, from 19:00 to 22:00 - About
Questions & Feedback
Found a typo or an error?
Want to improve this document? Edit it.
Need support or have a technical question?
Post to the user mailing-list.
Master Symfony2 fundamentals
Symfony hosting done right
Discover the SensioLabs Support
How to force routes to always use HTTPS or HTTP
How to force routes to always use HTTPS or HTTP¶
Sometimes, you want to secure some routes and be sure that they are always accessed via the HTTPS protocol. The Routing component allows you to enforce the URI scheme via schemes:
- YAML
1 2 3 4
secure: path: /secure defaults: { _controller: AcmeDemoBundle:Main:secure } schemes: [https]
- XML
1 2 3 4 5 6 7 8 9 10
<?xml version="1.0" encoding="UTF-8" ?> <routes xmlns="http://symfony.com/schema/routing" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd"> <route id="secure" path="/secure" schemes="http"> <default key="_controller">AcmeDemoBundle:Main:secure</default> </route> </routes>
- PHP
1 2 3 4 5 6 7 8 9
use Symfony\Component\Routing\RouteCollection; use Symfony\Component\Routing\Route; $collection = new RouteCollection(); $collection->add('secure', new Route('/secure', array( '_controller' => 'AcmeDemoBundle:Main:secure', ), array(), array(), '', array('https'))); return $collection;
The above configuration forces the secure route to always use HTTPS.
When generating the secure URL, and if the current scheme is HTTP, Symfony
will automatically generate an absolute URL with HTTPS as the scheme:
1 2 3 4 5 6 7 | {# If the current scheme is HTTPS #}
{{ path('secure') }}
# generates /secure
{# If the current scheme is HTTP #}
{{ path('secure') }}
{# generates https://example.com/secure #}
|
The requirement is also enforced for incoming requests. If you try to access
the /secure path with HTTP, you will automatically be redirected to the
same URL, but with the HTTPS scheme.
The above example uses https for the scheme, but you can also force a URL
to always use http.
Note
The Security component provides another way to enforce HTTP or HTTPs via
the requires_channel setting. This alternative method is better suited
to secure an "area" of your website (all URLs under /admin) or when
you want to secure URLs defined in a third party bundle.
NEWS FROM THE BLOG
IN THE NEWS
is a trademark of Fabien Potencier. All rights reserved.