With my new project, when I deploy my app to my https:// domain, every {{ asset() }} and every {{ route() }} is being served over http (which causes "mixed content" security issues in browsers).
I'm using AWS with a load-balanced Elastic Beanstalk application.
I've tried ensuring APP_URL is correctly set to https, and I understand I can use secure_asset or forceScheme, however I didn't have to do this with my previous project and I want to understand why.
How can I see where Laravel is making a decision about protocol? I want to get to the root of the problem rather than plaster over it.
This is an easy gotcha. If you're using AWS you need to change your config. It's very simple and, as usual, Laravel's documentation has the solution. You can read more here:
https://laravel.com/docs/5.6/requests#configuring-trusted-proxies
All I had to do (as an AWS Elastic Beanstalk user) was edit app/Http/Middleware/TrustProxies.php:
    <?php

    namespace App\Http\Middleware;

    use Illuminate\Http\Request;
    use Fideloper\Proxy\TrustProxies as Middleware;

    class TrustProxies extends Middleware
    {
        /**
         * The trusted proxies for this application.
         *
         * @var array
         */
        protected $proxies = '*';

        /**
         * The headers that should be used to detect proxies.
         *
         * @var int
         */
        protected $headers = Request::HEADER_X_FORWARDED_AWS_ELB;
    }
Now everything is fine. Easy to miss when setting up a new project.
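To see where the protocol decision is made, as the question asks, here is an added example (a simplified model, not Laravel's or Symfony's own code and not part of the original post) of the rule the TrustProxies setting controls: the X-Forwarded-Proto header set by the load balancer is believed only when the connecting address is a trusted proxy. The IP addresses, the 10.0.0.0/16 range and the function names are constructed for illustration.

```php
<?php
// Added example: a simplified model of the scheme decision, not framework code.

/** True when IPv4 address $ip is inside $cidr ("10.0.0.0/16" or a single address). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    $bits = (int) $bits;
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = $bits === 0 ? 0 : ((-1 << (32 - $bits)) & 0xFFFFFFFF);
    return ($ipLong & $mask) === ($netLong & $mask);
}

/**
 * X-Forwarded-Proto counts only when the directly connected peer (REMOTE_ADDR)
 * is trusted. '*' trusts whichever peer connected, like $proxies = '*'.
 */
function detectScheme(array $server, $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $trusted = $trustedProxies === '*' && $peer !== '';
    foreach (($trustedProxies === '*' ? [] : (array) $trustedProxies) as $cidr) {
        $trusted = $trusted || ipInCidr($peer, $cidr);
    }
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    if ($trusted && $proto !== '') {
        return in_array($proto, ['https', 'on', 'ssl', '1'], true) ? 'https' : 'http';
    }
    // No trusted proxy: fall back to what the web server itself saw.
    $https = strtolower($server['HTTPS'] ?? '');
    return ($https !== '' && $https !== 'off') ? 'https' : 'http';
}

// Constructed requests: the load balancer ends TLS and talks plain HTTP to PHP.
$viaElb = ['REMOTE_ADDR' => '10.0.1.25', 'HTTP_X_FORWARDED_PROTO' => 'https'];
$direct = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'];

foreach (['none' => [], 'subnet' => ['10.0.0.0/16'], 'star' => '*'] as $name => $cfg) {
    printf("%-6s via-elb=%-5s direct=%s\n", $name,
        detectScheme($viaElb, $cfg), detectScheme($direct, $cfg));
}
```

With no proxy trusted, the load-balanced request is seen as http, which is the symptom in the question. The '*' setting fits only when the instances accept connections solely from the load balancer; where they are reachable any other way, listing the balancer's address range is the tighter setting.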