Laravel not using https for assets and dynamic routes
The asset()
helper relies on a couple possibilities to determine whether to make a HTTP or HTTPS URL:
$_SERVER['HTTPS']
beingon
. This is Apache's way of doing things. For nginx, you can set that server param yourself in the config.$_SERVER['HTTP_X_FORWARDED_PROTO']
beinghttps
.
If you're behind a load balancer, it's probably sending the X-Forwarded-Proto
header, but Laravel doesn't trust it by default because it can be set by a malicious user in some cases. You can tell Laravel to trust this header coming from your load balancer using the TrustedProxy package. (edit: This is now built into Laravel)
See also: Symfony2: getScheme does not return 'https' (Laravel uses Symfony's getScheme()
function for this)