/**
* Ensure the current connection with the user agent is secure with HTTPS.
*
* This function uses {@link isHttps()} to determine whether the connection
* is via HTTPS. If it is, this function will return successfully.
*
* If it is not, what happens next is determined by the following steps.
*
* 1. If $allow_override is true and allow_plaintext is also true,
* then the function will return successfully
* 2. Otherwise, then it will either redirect (if $action is
* redirect) or return an error (if $action is error)
*
* @param string $action what to do if connection is not secure - either
* 'redirect' or 'error'
* @param boolean $allow_override whether allow_plaintext is checked
* to see if an unencrypted connection is allowed
* @param string $redirect_url if $action is redirect, what URL to redirect to.
* If null, this will redirect to the same page (albeit with an HTTPS connection)
* @param boolean $strict whether HTTP Strict Transport Security is active
*/
protected function checkHttps($action = 'redirect', $allow_override = false, $redirect_url = null, $strict = true)
{
if ($this->isHttps()) {
if ($strict) {
header('Strict-Transport-Security: max-age=3600');
}
return;
}
$config = $this->f3->get('config');
if ($allow_override && $config['allow_plaintext']) {
return;
}
if ($action == 'error') {
$this->f3->status(426);
header('Upgrade: TLS/1.2, HTTP/1.1');
header('Connection: Upgrade');
$this->fatalError($this->t('An encrypted connection (HTTPS) is required for this page.'));
exit;
return;
}
if ($redirect_url == null) {
$redirect_url = $this->getCanonicalURL($this->f3->get('PATH'), $this->f3->get('SERVER.QUERY_STRING'), 'https');
}
$this->f3->status(301);
header('Location: ' . $redirect_url);
exit;
}
