I'm attempting to release a Laravel website on a server that is behind a load balancer. The domain SSL is hosted on the load balancer to enforce HTTPS. However, the server hosting the website does not have SSL. This causes a miss-match of HTTPS and HTTP when requesting assets.
When on the server, the site works perfectly. (localhost/CentralizedSettings/login) When requesting outside the server(https://blahSite.com/CentralizedSettings/login), css file is blacked and I get this error:
Error message:
Mixed Content: The page at 'https://blahSite.com/CentralizedSettings/login' was loaded over HTTPS,
but requested an insecure stylesheet 'http://blahSite.com/CentralizedSettings/css/app.css'.
This request has been blocked; the content must be served over HTTPS.
head.blade.php
<link href="{{ asset('css/app.css') }}" rel="stylesheet" type="text/css" />
.env file:
APP_ENV=local
APP_URL=https://blahSite.com/CentralizedSettings
Things I've tried:
- Adding the APP_URL to the .env file
- Changing the url to localhost
- Using asset(mix('css/app.css'))
I think the solution is to force https in production :
<?php
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Facades\URL;
class AppServiceProvider extends ServiceProvider
{
public function boot()
{
if($this->app->environment('production')) {
URL::forceScheme('https');
}
}
}
another solution is to use ASSET_URL :
.env
ASSET_URL=https://example.com
.env.local
ASSET_URL=http://local.example.com