Level 4
I'm pretty sure that the path is generated with the help of your URL-setting.
Try checking your .env file. Maybe you have defined your URL as something like URL=http://yoursite.com? In that case, you can just change http to https :-)
Dec 15, 2016
12
Level 1
How to apply HTTPS to the helpers asset and url
Hi. I am using L5.2 and after I added the HTTPS protocol using CloudFlare, I have problems with the assets path and the links.
Before I was using the helpers as follows:
{{ asset('js/my_script.js') }}
{{ asset('css/my_styles.css') }}
But the helpers generate a full path with HTTP instead of HTTPS. To correct that I add a second parameter (TRUE to use a secure path). Since I work locally I also need to set the 2nd parameter as FALSE and just use TRUE in production.
To achive that I have the following:
{{ asset('js/my_script.js', env('REDIRECT_HTTPS'))) }}
{{ asset('css/my_styles.css', env('REDIRECT_HTTPS'))) }}
And that works. But, I would have to modify all my blades.
There is a more simple way to do it? Or how I can override the helpers? I want to set a default value to the 2nd parameter (my env variable).
Thanks in advance.
Level 11
@sorcjc You could just create a new helper in your own helpers.php file.
if (!function_exists('my_asset')) {
function my_asset($path)
{
return asset($path, env('REDIRECT_HTTPS'));
}
}
Of course you probably want to use a better name then my_asset.
Level 1
Thank you both for your help.
@tyfc I have changed the APP_URL in my .env, but I am still getting the warnings:
Mixed Content: The page at 'https://mysite.com/' was loaded over HTTPS, but requested an insecure script 'http://mysite.com/assets/js/main.js'. This request has been blocked; the content must be served over HTTPS.
@craigpaul In this case I want to override the helpers, since I have used the helpers in a lot of pages. Should I use the next?
function asset($path)
{
return asset($path, env('REDIRECT_HTTPS'));
}
Level 1
I finally found a solution:
<?php
namespace App\Providers;
use Illuminate\Routing\UrlGenerator;
use Illuminate\Support\ServiceProvider;
class AppServiceProvider extends ServiceProvider
{
/**
* Bootstrap any application services.
*
* @return void
*/
public function boot(UrlGenerator $url)
{
if(env('REDIRECT_HTTPS'))
{
$url->forceSchema('https');
}
}
Thanks to @jekinney for post this solution in https://laracasts.com/discuss/channels/laravel/mixed-content-issue-content-must-be-served-as-https
7 likes
Level 11
@sorcjc If you wish to override the asset helper, then ya, don't put an if statement around it and just make sure composer is autoloading your helper file.
Level 53
If you use secure_asset(), it will only use https.
4 likes
Level 7
forceSchema('https') has changed to forceScheme('https') from Laravel Version 5.4
Or, you can use asset('foo/bar.zip', env('REDIRECT_HTTPS')) individually.
Or, you can use secure_asset('foo/bar.zip') individually.
Or, You can add it in your AppServiceProvider's boot method.
<?php
namespace App\Providers;
use Illuminate\Routing\UrlGenerator;
use Illuminate\Support\ServiceProvider;
class AppServiceProvider extends ServiceProvider
{
/**
* Bootstrap any application services.
*
* @return void
*/
public function boot(UrlGenerator $url)
{
if(env('REDIRECT_HTTPS'))
{
$url->forceScheme('https');
}
}
**References: **
https://laravel.com/api/5.4/Illuminate/Routing/UrlGenerator.html#method_forceScheme https://laravel.com/docs/5.5/helpers#method-secure-asset
3 likes
Level 1
Thank you 'sorcjc' it really helps me:
1 like
Level 1
I'm using Laravel 5.4
example {{ asset ('js/app.js') }} to {{ secure_asset('js/app.js') }}
Level 1
as of 5.4 it's
$url->forceScheme('https');
with an "e".
https://laravel.com/api/5.4/Illuminate/Routing/UrlGenerator.html#method_forceScheme
Level 1
Even after a few years this issue came up on my projects and I finnaly found out why.
Basically Laravel determines the scheme to use (http or https) by evaluating to which scheme the request was made. But allthough the requests are made with https, all generated urls are only grenerated with http.
In our server environment, as well as in many other I guess, there is a proxy server in between. The https requests are arriving at the proxy but the proxy itself accesses the Laravel project internally only with http. So Laravel is always just aware of http and never generate links with https.
We also use the already proposed solution
$url->forceSchema('https');
1 like
Level 102
@Göhrk Or use trusted proxies. https://laravel.com/docs/9.x/requests#configuring-trusted-proxies
1 like
Please or to participate in this conversation.