skip to Main Content

I need help forcing Laravel 5.7 on my site to use https.

I’m on a shared host, and this morning my hosting provider "upgraded" the server I’m on from cPanel to Site Tools. In the process, my custom Laravel app got broken.

My hosting provider hasn’t provided much help, and I’ve been searching forums all day and trying lots of different things to no avail. I’m not very knowledgeable about Laravel, and some of the things I’ve seen on forums about this reference files that don’t seem to exist in my particular Laravel app. (I didn’t develop this app…definitely above my paygrade.) Some of the forums talk about clearing the cache, but I don’t have access to the terminal on a shared host to clear the cache. I’ve tried making adjustments in .htaccess and .env, but I really don’t know what I’m doing.

Currently in dev tools on Chrome I’m getting lots of "Mixed Content" errors. The CSS and JS resources are trying to load http even though the site is https, and they’re getting blocked.

Please help. I’ll be glad to post code excerpts from my files upon request.

Edit:

I think part of my problem is that my Laravel app seems to be missing several of the default pieces that are included usually. For example, I don’t have a "config" folder at all. But I don’t know if grabbing that folder from a repository and simply adding that folder and the files therein to my app solves the problem.

Edit:

Here is my AppServiceProvider file from appProviders:

<?php

namespace AppProviders;

use IlluminateSupportServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
      if(env('APP_ENV') === 'production') {
        URL::forceScheme('https');
      }
    }

    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        //
    }
}

2

Answers


  1. Just change all your references on your template file from:

    <script src="http://example.com/js/jquery.js"></script>
    

    to

    <script src="//example.com/js/jquery.js"></script>
    

    or

    <script src="/js/jquery.js"></script>
    

    If you are using the Laravel asset() helper, you need to force the schema to https. On the best case scenario, you should use CORS package, but a quick fix is to add the follwing to the AppServiceProvider:

    use IlluminateSupportFacadesURL;
    
    public function boot() 
    {
        if (env('APP_ENV') === 'production') {
            URL::forceScheme('https');
        }
    }
    
    Login or Signup to reply.
  2. Place this in the AppServiceProvider in the boot() method

    if(env('APP_ENV') === "production") {
       URL::forceScheme('https');
    }
    

    it will force all your assets to https if you use laravel url helpers like assts() etc.

    then if you want no one cannot access http version of your application

    then you need to configure your server

    you can add in .htaccess

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search