
maska's avatar

Laravel expose (Mixed Content...)

I am using Expose with Herd on a new Laravel Breeze app (using Blade). Whenever I use this command:

PS C:\Users\rodol\Herd\doolocksystemblade> expose share doolocksystemblade.test
You are not allowed to specify custom subdomains. Please upgrade to Expose Pro. Assigning a random subdomain instead.

Status:                 Expose Free - Get custom subdomains and access to our performant global server network with Expose Pro! ➡️  https://expose.dev/get-pro
Shared URL:             doolocksystemblade.test
Dashboard:              http://127.0.0.1:4040
Public HTTP:            http://4yv5djhewc.sharedwithexpose.com
Public HTTPS:           https://4yv5djhewc.sharedwithexpose.com

I tried to access the site on '/' and everything works fine, I can see the first page, but whenever I go to '/login' or '/register', the CSS is not loaded perfectly and I get this error in my console:

Mixed Content: The page at 'https://4yv5djhewc.sharedwithexpose.com/login' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://4yv5djhewc.sharedwithexpose.com/login'. This endpoint should be made available over a secure connection.

and whenever I fill the form and send the request

The information you’re about to submit is not secure
Because this form is being submitted using a connection that’s not secure, your information will be visible to others.

and this is my env file

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:MYIv4/+QlgRg9KQuDb7JKY8I0utkDZOQAQgJqZ/xzgU=
APP_DEBUG=true
APP_TIMEZONE=UTC
APP_URL=https://doolocksystemblade.test
ASSET_URL=https://doolocksystemblade.test

APP_LOCALE=en
APP_FALLBACK_LOCALE=en
APP_FAKER_LOCALE=en_US

APP_MAINTENANCE_DRIVER=file
APP_MAINTENANCE_STORE=database

BCRYPT_ROUNDS=12

LOG_CHANNEL=stack
LOG_STACK=single
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=doolocksystemblade
DB_USERNAME=root
DB_PASSWORD=

SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=null

BROADCAST_CONNECTION=log
FILESYSTEM_DISK=local
QUEUE_CONNECTION=database

CACHE_STORE=database
CACHE_PREFIX=

MEMCACHED_HOST=127.0.0.1

REDIS_CLIENT=phpredis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=log
MAIL_HOST=127.0.0.1
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="[email protected]"
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

VITE_APP_NAME="${APP_NAME}"

gych's avatar

This error means that you should use https for the form endpoint instead of http to have a secure connection

e.g.

https://4yv5djhewc.sharedwithexpose.com/login
brandonaaskov's avatar

For me, the only assets that were coming through as http were js and css files, which tells me it's something to do with the vite build process. For the Laravel Vite plugin, there's a note in the docs about using ASSET_URL when assets are deployed from a different domain, but this solved my issue when on the same domain. Hopefully it helps you as well :)

UUID's avatar

Just add URL::forceScheme('https'); in the boot method in the AppServiceProvider.
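
One way to place the `URL::forceScheme('https')` call suggested above, as an added example that is not part of the original thread or of Laravel's own code. It assumes a Laravel 11 style `app/Providers/AppServiceProvider.php` and that the tunnel sets an `X-Forwarded-Proto: https` header on forwarded requests; the header behaviour and the `shouldForceHttps()` helper name are assumptions, not something the thread states.

```php
<?php

namespace App\Providers;

use Illuminate\Support\Facades\URL;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        //
    }

    public function boot(): void
    {
        // Behind a TLS-terminating tunnel the local site receives plain HTTP,
        // so url(), route() and asset() emit http:// links and the browser
        // reports mixed content on the https:// page.
        if ($this->shouldForceHttps()) {
            URL::forceScheme('https');
        }
    }

    // Hypothetical helper (not a Laravel API): decides when to force https.
    private function shouldForceHttps(): bool
    {
        // Production is expected to be HTTPS-only.
        if ($this->app->environment('production')) {
            return true;
        }

        // Artisan commands have no browser request to inspect.
        if ($this->app->runningInConsole()) {
            return false;
        }

        // Assumption: the tunnel adds "X-Forwarded-Proto: https" when the
        // visitor used the public HTTPS URL. Requests without that header
        // keep whatever scheme they arrived with.
        $proto = (string) $this->app->make('request')->headers->get('X-Forwarded-Proto', '');

        return strtolower(trim($proto)) === 'https';
    }
}
```

To check the result, open `/login` through the shared HTTPS URL, view the page source, and confirm that the form `action` and the CSS/JS links all start with `https://`.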
