Mixed content issue- Content must be served as HTTPS

You need to set the domain name in your config/app.php file like so

'url' => env('APP_URI', 'http://localhost'),

This is not the default in Laravel at the moment. Once you have updated this you can add a new item to your .env file for local and production

APP_URI=http://domainname.com

@bobbybouwmann I tried this, but could get it working.

Here is what I tried

in my app.php file

'url' => env('APP_URI', 'http://localhost'),

and in .env file

APP_ENV=production
APP_URI=https://laravelapp.domainname.com

.../

Any other ideas?

Any other ideas regarding this subject? I am sure not the only one having this kind of a problem.

@sevmardi what does this render to on production sever?

is causing an error.

...What error?

Simply put in your App/Providers/AppServiceProvider in the boot method: $url->forceSchema('https');

Or in an if statement to check environment so you don't have to update for production or local

If(env('APP_ENV') !== 'local') { $url->forceSchema('https'); }

I think i'm experiencing the same issue as @sevmardi and i've been trying to figure this out. Most of the time my application will work just fine, but every now and then my application will go into an infinite redirect and then tell me that the stylesheet and the secripts are being loaded over http instead of https.

I'm using the elixir helper to generate the path and forcing https at the .htaccess level. Very confusing...

@jekinney, I will try your solution to see if that makes a difference :)

@bobbybouwmann, I believe I've tried that solution and no dice on that.

ShaunL

@jekinney, I attempt the recommended fix but recieved an error in the service provider as the url variable was undefined

@Shaunl I'll copy and paste in a minute. You need you use url class. Sry.

This is only an issue if you attempt to specify the protocol for your assets (such as by using the assets helper)

I never bother, and just know that my cs will be in '/css' (note preceding backslash, meaning it's in the root)

In this case, the visitor's browser will use the same protocol for the assets as it did for the main page.

I have never seen anything written down anywhere that says it's better to specify the fully qualified name for each asset.

@Snapey Indeed. If you force HTTPS in Apache/nginx etc, the helper will use that protocol.

@jekinney thank you, I'll give that a shot and report back what happens

@snapey, @bashy, I appreciate your feedback! I'm controlling with the .htaccess file and this still seems to be an issue. Here is a little bit more background. I'm using elixir's cache busting so I use the elixir helper to point to a css file and a javascript file. I believe these might be the issue because I keep getting an error that they are attempting to be loaded over http instead of https (mixed content error). When I look at the source code it appears it is an absolute path to the files

<script src="/build/js/app-4adr2f61.js"></script>

Since this happens randomly it is difficult to replicate effectively, however, I have been able to use chrome dev tools to parse out a bit more info about what is going on when I was finally able to replicate the error.

It appears the application attempts to load in the elixir css and js files but the network log says the request has been cancelled in the status column. A typekit javascript file loans in with a 200 statu code then this is where it gets really weird. the first image loads in and it return a 302. Then another js files gets cancelled then I get errors with just the domain name and in the status column says it's been blocked per mixed content. Then the insane redirects start happening and the browser finally gives up. When the redirects happen they appear to be just the domain over http. Nothing is redirecting to the home page so very confusing. All of the files before the redirects are over https. If users attempt to reload the page they get a redirect error and cannot even view the page until they delete their cookies.

Another thing to note is when this error happens it appears the page will initially load but it is in the default browser style. So it looks like it might be a CSS issues because none of my styling is showing up.

ShaunL

@Snapey

I personally have had issues with deeper routes not finding the css and script files. So my personal preference is use the asset helper..

Agreed, who's to say what is "better" as long as it works!!!!

To anyone using Forge's Load Balancers, and attempting this same thing, the HTTPS DOES NOT get passed on with load balancers (meaning to the Laravel installation, it appears that you are coming from HTTP). You have to manually set each asset/image/route to allow for HTTPS. After many hours of banging my head into the keyboard.

I changed the DNS to skip the load balancer, and got an SSL certificate on my main server, and boom, off to the races.

Laravel 5.4:

namespace App\Providers;

use Illuminate\Support\Facades\URL;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot()
    {
        URL::forceScheme('https');
    }

I added

if (App::environment('production')) {
    URL::forceScheme('https');
}

to the top of my api.php and web.php route files, fixed mix includes and forces the whole site as https

anyone knows how it can be fixed with laravel 5.5

@LIBSON - Do you have tried solution from @jekinney ...? https://laracasts.com/discuss/channels/laravel/mixed-content-issue-content-must-be-served-as-https#reply=130444

It works 100% with my Laravel 5.5. You just have to edit 'app/Providers/AppServiceProvider.php'. You should try it, before comment.

@STWILSON - This one works! thank you

I think this issue occurs when cloudflare handing SSL. If you can not manage cloudflare, @jekinney's answer best solution.

In case anyone encounters the same problem in the future, I had the same problem and tried all the suggestions above but none solved my problem. I however got it solved by following the instructions in this StackOverflow post: https://stackoverflow.com/a/75357483/11548885