PHP Composer Disable HTTPS by CLI

Published by Torry Crass on

Every now and then it can be necessary to disable certain security features temporarily in order to achieve a goal. In my case, it was for the use of a web script that didn’t use HTTPS for composer that I did not have the time to update.

Composer allows you to configure https settings in the composer file for individual actions, that is well documented so I am not covering that here. Visit the composer site for that.

What is not easily found (or well documented) is performing this from CLI for a script that needs to be run when you DO NOT have access to the config file performing the composer actions.

Thanks to the post on Stack Overflow by haofly for the answer as shown below. Simply run the following from command line and this will disable the options globally. Remember to turn them back on after.

composer config --global disable-tls true
composer config --global secure-http false


Leave a Reply