Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

hasen39's avatar

the page was loaded over https but requested an insecure laravel livewire

hi I have used laravel livewire for my projects but i get this error on chrome console

Mixed Content: The page at 'https://mailx.to/' was loaded over HTTPS, but requested an insecure script 'http://mailx.to/vendor/livewire-charts/app.js'. This request has been blocked; the content must be served over HTTPS.

my .env app URL is HTTPS and asset URL also HTTPS. but still not working even I have tried this on the app service provider.

public function boot()
    {
        URL::forceScheme('https');
    }

thank you

0 likes
9 replies
Tray2's avatar

Somewhere in your code you tell it to use http when calling that url. Update the call and you should be ok.

vaibhav3027's avatar

@Tray2 There is some underlying issue which is deeply unsettling

This code is app.blade.php which is a parent of other files based on the routes.

`

`

This code works for every page except two routes all the routes are being loaded in https

but for two routes all these assets are being loaded in http which is giving mixed content error. moreover same route loading correct files when using the codebase in another port on the same machine.

is there some kind of setting which changes http to https loading of assets ?

zapps's avatar

I got a mixed content error too. Locally everything works fine but in production it genuinely became ridiculous. I spent far too much time trying to solve this. I've tried everything and eventually got it to work and thought I really need to share this.

My production environment is Cloudways.

I had an old Laravel 10 project, which I needed to upgrade. I primarily set it up to work with FilamentPHP. FilamentPHP installs its own Livewire. Like I said everything upgraded, fine and working on Local.

Mixed Content Error in Prod.

Others have also had the error on the Login page for Laravel. I found I was able to force HTTPS everywhere else but the LOGIN PAGE for LARAVEL just would work. Tried everything.

The step that worked was adding a line in the routes > web.php file:

if (env('APP_ENV')) { URL::forceScheme('https'); }

I've not investigated this further because I'm fed up of it but I think the experts need to look at why HTTPS failed to work after this line in web.php because this line broke my site and the line above fixed it:

require __DIR__.'/auth.php';

Auth handles all the Login stuff so theres something there and I don't want to look at it as it should be working.

Lastly, for the skeptics and know-it-alls, I tried forceScheme in boot(), didn't work.

Tried TrustedProxies, nothing.

Tried cloudways hosting setup to force EVERYTHING to load as HTTPS -> Nope.

Tried manually changing the login route... as in the route that was the issue, I manually typed it out on the Live server php file and included the 'https' and it STILL loaded as 'http' mixed content error!!!

And before and after every step I was clearing all caches for views, config, routes etc everything. I was also purging the Live site cache and purging the browser. That's how I know its not a caching issue.

So, anyone having this issue, do your due diligence and make sure everything in the ENV file is right, mainly the App_URL needs to include 'https'. If you're using FilamentPHP you need to include Asset_url in ENV file too.

And add the following to the BOTTOM of your web.php file and also, if you have an api set up then add it at the bottom of that file as well.

if (env('APP_ENV')) { URL::forceScheme('https'); }

Happy Coding.

Snapey's avatar

@zapps The answer is always Trusted Proxies. If this does not work for you, then you implemented it incorrectly.

Please or to participate in this conversation.