redirect in cakephp ssl site routes to http not https

Question

I have developed a cakephp site that should use ssl for all pages. It works as expected except when I use redirect in a controller it redirects to http: //subdomain.domain.c

Answer 1

I'm taking a bit of a guess, but I suspect it is this very RewriteRule that's messing things up.

You should be "redirecting" not "rewriting". Cake's generated links are usually relative to the root, so don't specify a protocol unless you pass "true" as the second parameter.

I also have apache listening on both 80 and 443 so that I can at least respond to incorrect requests.

This is the code I have in my AppController class to do the same thing:

function beforeFilter() {
    parent::beforeFilter();
    $this->_setupSecurity();
}

function _setupSecurity() {
    $this->Security->blackHoleCallback = '_badRequest';
    if(Configure::read('forceSSL')) {
        $this->Security->requireSecure('*');
    }
}

/**
* The main SecurityComponent callback.
* Handles both missing SSL problems and general bad requests.
*/

function _badRequest() {
    if(Configure::read('forceSSL') && !$this->RequestHandler->isSSL()) {
        $this->_forceSSL();
    } else {
        $this->cakeError('error400');
    }
    exit;
}

/**
* Redirect to the same page, but with the https protocol and exit.
*/

function _forceSSL() {
    $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    exit;
}

I also have my own config 'forceSSL' option in bootstrap.php for turning this on and off depending on the environment, so that needs to be set to true for the above to work.