 

Laravel not using https for assets and dynamic routes

I've changed my APP_URL=https://example.com, I've added this into my AppServiceProvider's boot method:

/** Enable HTTPS */
if(env('REDIRECT_HTTPS')) {
    $url->forceSchema('https');
}

And I've run php artisan cache:clear, php artisan view:clear and php artisan config:clear. I still can't get assets and dynamic routes to use https. Just getting the error:

Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://example.com/css/app.css'. This request has been blocked; the content must be served over HTTPS.

I know I can use secure_asset instead of asset and that should work, but I need this to be dynamic, as I still need to serve the http version of the site for now on another domain.

Ryan Bobrowski asked Feb 02 '18 20:02



1 Answer

The asset() helper relies on a couple of possibilities to determine whether to make an HTTP or HTTPS URL:

  • $_SERVER['HTTPS'] being on. This is Apache's way of doing things. For nginx, you can set that server param yourself in the config.
  • $_SERVER['HTTP_X_FORWARDED_PROTO'] being https.

If you're behind a load balancer, it's probably sending the X-Forwarded-Proto header, but Laravel doesn't trust it by default because it can be set by a malicious user in some cases. You can tell Laravel to trust this header coming from your load balancer using the TrustedProxy package. (edit: This is now built into Laravel)

See also: Symfony2: getScheme does not return 'https' (Laravel uses Symfony's getScheme() function for this)

ceejayoz answered Sep 18 '22 03:09
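The scheme decision described in the answer above, as an added plain-PHP example (not part of the original answer, and not Laravel's or Symfony's own code). It shows why X-Forwarded-Proto is honoured only when the request's direct peer is a known proxy. The function names, the 10.0.0.0/8 proxy range and the sample requests are assumptions made for the illustration.

```php
<?php
// Simplified illustration, not Laravel's or Symfony's implementation.
// Function names and the 10.0.0.0/8 proxy range are hypothetical.

/** True if IPv4 address $ip lies inside $cidr, e.g. "10.0.0.0/8". */
function ipInCidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed input is never trusted
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

/** Scheme a URL generator should use for this request. */
function detectScheme(array $server, array $trustedProxies): string
{
    // Signal 1: the web server itself terminated TLS.
    $https = strtolower($server['HTTPS'] ?? '');
    if ($https !== '' && $https !== 'off') {
        return 'https';
    }
    // Signal 2: X-Forwarded-Proto, honoured only when the direct peer
    // (REMOTE_ADDR) is a proxy we operate; any client can send the header.
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($trustedProxies as $cidr) {
        if (ipInCidr($peer, $cidr)) {
            $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
            return $proto === 'https' ? 'https' : 'http';
        }
    }
    return 'http';
}

// Constructed sample requests (private and documentation address ranges).
$trusted = ['10.0.0.0/8'];
$cases = [
    'via load balancer' => ['REMOTE_ADDR' => '10.1.2.3', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'spoofed header'    => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct TLS'        => ['REMOTE_ADDR' => '203.0.113.9', 'HTTPS' => 'on'],
];
foreach ($cases as $name => $server) {
    printf("%-18s => %s\n", $name, detectScheme($server, $trusted));
}
```

In a Laravel application this decision is made by the trusted-proxy configuration the answer refers to, so the list of trusted proxy addresses is the setting to get right.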