Hello guys, I have a problem which is confusing and disappointing me.
The problem is: after finishing a Laravel app and deploying it, everything works fine except for the "not secure" mark that appears with the URL.
I tried so many solutions but I haven't figured it out yet.
I tried forcing HTTP to HTTPS from my Laravel app but it doesn't work, and I also tried to use the SSL certificate from my hosting and it didn't work either.
I tried deploying on different hosts and the problem appears on all of them, which led me to think that the problem is in something in the development, but I haven't found it.
I didn't upload my .env and I even set my APP_DEBUG variable to false during deployment.
So please, can someone help me figure this out?
I guess that you may need to purchase a real SSL certificate from Digicert or any authorized certificate provider to be installed on the production server...
I remember that I once made a middleware to force the route to HTTPS and I applied this middleware to the login form, and when I try to log in it just redirects back with this error in my console:
Migrate entirely to HTTPS to have cookies sent to same-site subresources
but when I removed the middleware from the login route it works fine.
@Snapey
I'm not using Laravel's default middleware, which is TrustHosts, but I actually use the CSRF token in each form I have. Is that a problem?
I am using Laravel 11.42.1, and my Heroku app did the same thing. These were the changes I made to get it to work:
Edit "app/Providers/AppServiceProvider.php" with this code:
```php
<?php

namespace App\Providers;

use Illuminate\Support\Facades\URL;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register any application services.
     */
    public function register(): void
    {
        //
    }

    /**
     * Bootstrap any application services.
     */
    public function boot(): void
    {
        // Force HTTPS in non-local environments
        if ($this->app->environment('production', 'staging')) {
            URL::forceScheme('https');
        }
    }
}
```
Run this command in the terminal to create a new middleware class:
php artisan make:middleware TrustProxies
Edit "app/Http/Middleware/TrustProxies.php" with this code:
```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
use Illuminate\Http\Middleware\TrustProxies as Middleware;

class TrustProxies extends Middleware
{
    /**
     * The trusted proxies for this application
     *
     * @var array|string|null
     */
    protected $proxies = '*'; // Trust all proxies (Heroku's dynamic IPs)

    /**
     * The headers that should be used to detect proxies.
     *
     * @var int
     */
    protected $headers =
        Request::HEADER_X_FORWARDED_FOR |
        Request::HEADER_X_FORWARDED_HOST |
        Request::HEADER_X_FORWARDED_PORT |
        Request::HEADER_X_FORWARDED_PROTO |
        Request::HEADER_X_FORWARDED_AWS_ELB;

    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        // Delegate to the parent class: its handle() is what applies $proxies
        // and $headers to the request. Returning $next($request) directly here
        // would skip that step and leave the settings above unused.
        return parent::handle($request, $next);
    }
}
```
On Heroku, I set APP_ENV and APP_URL environment variables on my staging and production apps. I ensured the SSL certificate was created and working.
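The same proxy trust can be declared in Laravel 11's `bootstrap/app.php` with the framework's `trustProxies()` method; this is an added example, not code from the post above, and the `10.0.0.0/8` range in Option B is a placeholder for your own load balancer's address range. It puts the trust-everything setting beside a restricted one, because with `'*'` the `X-Forwarded-*` headers are believed from any client that can reach the app directly.

```php
<?php
// bootstrap/app.php (Laravel 11 default layout).
// Added example, not the poster's code. Routing paths are the framework defaults.

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Http\Request;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        // Only these forwarded headers are honoured; anything else a client
        // sends (for example the "Forwarded" header) is ignored.
        $headers = Request::HEADER_X_FORWARDED_FOR
            | Request::HEADER_X_FORWARDED_HOST
            | Request::HEADER_X_FORWARDED_PORT
            | Request::HEADER_X_FORWARDED_PROTO;

        // Option A: trust every upstream address. Appropriate only when the
        // platform router is the sole network path to the app (as on Heroku),
        // so no client can connect directly and supply its own
        // X-Forwarded-Proto or X-Forwarded-For values.
        $middleware->trustProxies(at: '*', headers: $headers);

        // Option B: the app is also reachable directly, so trust only the
        // load balancer's addresses. 10.0.0.0/8 is a placeholder (assumption);
        // replace it with the real range and remove Option A.
        // $middleware->trustProxies(at: ['10.0.0.0/8'], headers: $headers);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })
    ->create();
```

With either option in place, `request()->isSecure()` and generated URLs follow the `X-Forwarded-Proto` value sent by the trusted proxy, which is what determines whether links and form actions are emitted as `https://`.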