Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

legecha's avatar

Why does Laravel redirect to HTTP routes?

I am using Laravel, with Jetpack, using the Livewire scaffolding. The proejct is pretty much a new installation, with only some models/migrations/etc setup but no controllers yet. I haven't changed any default routes.

When I login, I enter my credentials and the POST request sends back a Location header to /dashboard but it does so using an http:// URL instead of an HTTPS one. My vhost in apache is setup with :443 as the port. The URL itself is accessed on an HTTPS domain, with the certificate/DNS hosted by Cloudflare.

When I navigate the site, the dashboad, login, register and home (via logo) links all point to HTTPS. The <form> action on all forms is HTTPS too, and it's not until I actually login or register that it sends the 302 redirect to the http:// version of the URL.

I have the site URL in .env set as https://.

Is this Jetstream (fortify)? I don't think it's Cloudflare because I tried using the dev server IP in my hosts file and skipped Cloudflare completely and it still had the same issue.

If there is any further information I could share I'd be glad to.

0 likes
4 replies
Snapey's avatar

when cloudflare terminates the ssl connection then all traffic between your site and cloudflare will be over http. So as far as your application is concerned, it is serving requests over http and responds with the same.

Setting up trusted proxies may help, otherwise force th scheme as per the previous suggestion

https://laravel.com/docs/8.x/requests#configuring-trusted-proxies

the APP_URL is only used where there is no request such as CLI and queued jobs.

legecha's avatar

Would this be the case though for when I directly view the site when bypassing Cloudflare?

I don't think it's Cloudflare because I tried using the dev server IP in my hosts file and skipped Cloudflare completely and it still had the same issue.

Is there anything I can dump to share with you guys to confirm either way?

Snapey's avatar

When you view directly you will be using http if the server does not have ssl certificate installed.

Please or to participate in this conversation.