Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

oscaribarra25's avatar

Livewire File Upload issue in production

Hi everyone,

I have an application using Livewire and FileUploads. Everything works fine in local dev machine. But when going to production (which is using HTTPS) the file upload control is not working as expected.

I already changed .env as follows APP_ENV=production APP_DEBUG=false APP_URL=https://hostname/ ASSET_URL=https://hostname/

Added protected $proxies = "*"; to TrustedProxies Middleware

But I am having an error when trying a file upload Mixed content issue because livewire is trying to do a XmlHttpRequest to a URL that have http instead of https and ip address instead of host name.

If I add to header then the only change is that https is now correct but it still trying to call to the resource via its IP so I get a net::ERR_CONNECTION_REFUSED

I created an artisan command to test this on the server using $this->info(url());

And it is showing everything as it should in the console https and host name but for some reason coming from web it is not working as expected.

Can anyone give me some lights on what I might be missing here?

Thanks in advance.

Best regards

0 likes
7 replies
DoubleClickDesignLtd's avatar

Hi @oscaribarra25 ,

Uploading images using Livewire can be very frustrating when it comes to https protocol.

I've been using Livewire for about 2 years in production system so hopefully the below will help you.

In App\Providers\AppServiceProvider add the following if statement to your boot function like so...

 public function boot()
    {

        if($this->app->environment('production') || $this->app->environment('staging')) {
            \URL::forceScheme('https');
        }

    }

This will force all https request for staging and production.

In App\Http\Middleware\TrustProxies make sure the protected proxies is set like below

 protected $proxies = '*';

Hopefully this will fix your problem.

If it does not let me know what version of Livewire your using and the exact error and I'll try and help further.

Best of Luck with it!

Regards

Mark

boft's avatar

@DoubleClickDesignLtd Thanks, it works. I don't know what would happen if I didn't find this sooner. Also if you don't mind, can you explain what all those codes do? Thanks in advance

Zephni's avatar

@DoubleClickDesignLtd thatnks this worked for me, however in Laravel 11 you have to set the trusted proxies within bootstrap/app.php instead by adding:

->withMiddleware(function (Middleware $middleware) { $middleware->trustProxies('*'); })

Is this safe to do though?

DoubleClickDesignLtd's avatar

Hi @Zephni when I wrote this I was developing in Laravel 9. So yes I can confirm it would of moved for Laravel 11 and version 12 etc.

Snapey's avatar

laravel will normally try and match the scheme used on the inbound request.

Where this gets complicated is when you have an SSL proxy like cloudflare which terminates the https requests. The request from cloudflare to your server is then over http and the framework believes that its response should also be http

The APP_URL is only used in places where the scheme cannot be automatically detected such as links sent out from queued jobs or commands.

There is also an indication that TrustedProxies is not working by the fact that Livewire tries to use the IP address.

Normally my advice is to read the docs and then set the trust proxy settings.

https://laravel.com/docs/10.x/requests#configuring-trusted-proxies

But I see you say you have tried setting the TrustedProxies middleware, but have you made sure that this middleware is not commented in Kernel.php ?

oscaribarra25's avatar

Thanks @doubleclickdesignltd and @snapey.

I am using protected $proxies = '*'; in the TrustedProxies already and I verified the Kernel and this Middleware is not commented

This is how it looks currently

protected $middleware = [ // \App\Http\Middleware\TrustHosts::class, \App\Http\Middleware\TrustProxies::class, \Illuminate\Http\Middleware\HandleCors::class, \App\Http\Middleware\PreventRequestsDuringMaintenance::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, ];

The only commented Middleware is the TrustHosts one.

I asked for help to client's IP team and they made some changes in the proxy setup. Now it is working but only for external requests (which comes from https://subdomain) but for internal users (employees) requests (which comes from http://ipaddress) the livewire fileupload stopped working now the browser in this scenario is complaining about mixed content.

The thing is that the application has a public end and a backoffice end. The client requirement for each one these environment is:

I also ended storing the attachments in mysql as a base64 string to avoid any further issues that has to do with resolving paths/urls/etc.

I am using Laravel Framework 10.29.0 with livewire/livewire ^3.0

oscaribarra25's avatar

Any feedback regarding this? I am about to start digging into WithFileUploads trait to understand it under the hood.

Any help will be greatly appreciated.

1 like

Please or to participate in this conversation.