You are here

Home » API reference » Secure Pages 8 » Securepages.php » Securepages

public static function Securepages::checkRedirect in Secure Pages 8

Checks the current request and see if we need to redirect.

Return value

bool TRUE if we need to redirect to HTTPS, FALSE to redirect to HTTP, NULL if no redirect should happen.

1 call to Securepages::checkRedirect()
SecurepagesSubscriber::checkRequestRedirection in src/EventSubscriber/SecurepagesSubscriber.php
Event handler for request processing. Redirects as needed.

File

src/Securepages.php, line 26
Contains \Drupal\securepages\Securepages.

Class

Securepages
Utility class for global functionality.

Namespace

Drupal\securepages

Code

public static function checkRedirect() {
  $request = \Drupal::requestStack()
    ->getCurrentRequest();
  $current_path_stack = \Drupal::service('path.current');
  $path = $current_path_stack
    ->getPath($request);
  $is_xmlhttp = $request->headers
    ->get('HTTP_X_REQUESTED_WITH') == 'XMLHttpRequest';
  $is_https = $request
    ->isSecure();
  $switch = \Drupal::config('securepages.settings')
    ->get('switch');

  // Only redirect if this was not a post request.
  if ($request
    ->getMethod() != 'POST' && !$is_xmlhttp) {
    $role_match = Securepages::matchCurrentUser();
    $page_match = Securepages::matchCurrentPath();
    if ($role_match && !$is_https) {
      Securepages::log('Redirect user to secure on @path.', $path);
      return TRUE;
    }
    elseif ($page_match && !$is_https) {
      Securepages::log('Redirect path to secure on @path.', $path);
      return TRUE;
    }
    elseif ($page_match === FALSE && $is_https && $switch && !$role_match) {
      Securepages::log('Redirect path to insecure on @path.', $path);
      return FALSE;
    }
  }
  return NULL;
}