Level 102
Try setting this this in your env file
ASSET_URL=https://neko-finder.herokuapp.com
Jul 26, 2022
7
Level 5
Mixed content error fix (Heroku, Laravel 9)
Laravel (and webdev in general) newbie here. Finally managed to kind of deploy my website, but really not sure if follows any kind of best practices. And I'm getting mixed content error.
I'd appreciate it if you could just point me in the right direction for my case.
The error started appearing once I began using asset() helper on my website to get the content to display properly.
So I Googled it 1 2 3 and not sure if any of these solutions are up-to-date and fit my heroku case.
If I understand it correctly, this error happens because asset() helper fetches APP_URL that is not https://. Thing is, in my heroku dashboard I've set the APP_URL variable to be my https:// root.
Should I just change it to secure_asset() helper or should I do something about my app.php by changing the line below
'url' => env('APP_URL', 'http://localhost'),
to
'url' => env('APP_URL', 'https://localhost'),
Sorry if my question is too low-level, but I really want to understand what's going on :) Any advice would be much appreciated. I also ran the commands described in Laradocs->Deployment prior to pushing my app.
Level 5
@Sinnbeck Just to clarify: since I'm not pushing my .env to the repo for security reasons, I have to modify it in my heroku environment, right?
Heroku has a thing called Config Vars and my APP_URL is set to be precisely what you just advised. Should I do the same modification in my app.php?
Level 102
@Pawooo Add another variable to that list. Notice that mine is named ASSET_URL not APP_URL :)
Level 5
@Sinnbeck Changing every single asset load to secure_asset() seems to have helped. Did I cure the symptom but not the cause? Should I roll back to continue diagnostics? :)
Level 5
Add another variable to that list. Notice that mine is named ASSET_URL not APP_URL :)
My bad! Will try that!
Level 102
@Pawooo Personally I think its best to set the ASSET_URL variable instead of forcing https on every asset. If your local dev environment isnt https, it will give you problems :)
Level 5
@Sinnbeck I guess I have a vague understanding now of what has happened! Thank you again!
Please or to participate in this conversation.