Laravel serving assets insecurely with AWS

This is an easy gotcha. If you're using AWS you need to change your config. It's very simple and, as usual, Laravel's documentation has the solution. You can read more here:

https://laravel.com/docs/5.6/requests#configuring-trusted-proxies

All I had to do (as an AWS Elastic Beanstalk user) was edit app/Http/Middleware/TrustProxies.php:

class TrustProxies extends Middleware{    /**     * The trusted proxies for this application.     *     * @var array     */    protected $proxies = '*';    /**     * The headers that should be used to detect proxies.     *     * @var int     */    protected $headers = Request::HEADER_X_FORWARDED_AWS_ELB;}

Now everything is fine. Easy to miss when setting up a new project.

I believe secure_asset is what you're looking for.
Here an example:

<link href="{{ secure_asset('assets/mdi/css/materialdesignicons.min.css') }}" media="all" rel="stylesheet" type="text/css" />

Update:

A better solution to do it right (tested in laravel 5.4):

<?phpnamespace App\Providers;use Illuminate\Support\ServiceProvider;class AppServiceProvider extends ServiceProvider{/** * Bootstrap any application services. * * @return void */public function boot(){    if(env('APP_ENV') == 'production') {        \URL::forceScheme('https');    }}/** * Register any application services. * * @return void */public function register(){    //}}