Add option to force TLS connection (#9327)

Co-authored-by: Lars Kajes <lars.kajes@iusinnovation.se>

.env.example

@@ -144,6 +144,7 @@ APP_LOG=single
 APP_LOG_MAX_FILES=10
 APP_LOCKED=false
 APP_CIPHER=AES-256-CBC
+APP_FORCE_TLS=false
 GOOGLE_MAPS_API=
 LDAP_MEM_LIM=500M
 LDAP_TIME_LIM=600

app/Providers/AppServiceProvider.php

@@ -16,6 +16,7 @@ use App\Observers\LicenseObserver;
 use App\Observers\SettingObserver;
 use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
+use Illuminate\Routing\UrlGenerator;
 
 /**
  * This service provider handles setting the observers on models
@@ -33,8 +34,15 @@ class AppServiceProvider extends ServiceProvider
      * @since [v3.0]
      * @return void
      */
-    public function boot()
+    public function boot(UrlGenerator $url)
     {
+        if (env('APP_FORCE_TLS')) {
+            if (strpos(env('APP_URL'), 'https') === 0) {
+                $url->forceScheme('https');
+            } else {
+                \Log::warning("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections.");
+            }
+        }
         Schema::defaultStringLength(191);
         Asset::observe(AssetObserver::class);
         Accessory::observe(AccessoryObserver::class);