Laravel: Set asset without protocol

Laravel create secured link only if the request is considered as secured.

Laravel has already a way to treat non httpS traffic as "secured" if it's comming from a "trusted proxies".

You can declare such trusted proxies in your application service provider like that:

 Request::setTrustedProxies(array( '199.27.128.0/21', 'some other range'));

Also, make sure your loadbalancer set the following headers correctly:

Host, X-Forwarded-Host, X-Forwarded-Port, X-Real-IP, X-Forwarded-For and X-Forwarded-Proto

"Public" proxies such as cloudflare already does this btw.

Basically the point here is that client connection is terminated at one of the frontend servers (acting as a proxy), thus we have to declare communication from that server as trusted so that laravel use headers from the proxy server instead of the values readed localy.

Doing this enable functions such as Request::isSecure() or Request::ip() to return a consistent result.

Laravel will automaticly change the url of the asset to the protocol used to load the site.

If your site is loaded over a secure connection, the asset links will automaticly use https.

Update:

If you do want to display the assets with only //, you could write your own HTML macro.

I had the same issue, then I discovered that the asset() method has an optional second variable, true or false for SSL requests.

The solution that I use is the following:

<link rel="stylesheet" href="{{ asset('assets/bootstrap/3.3.7/css/bootstrap.min.css', !App::isLocal()) }}" /><script type="text/javascript" src="{{ asset('assets/parsley/2.4.4/parsley.min.js', !App::isLocal()) }}"></script>

Notice:

!App::islocal()

If my application environment is local, SSL isn't chosen, however in the production environment the assets will be called over SSL.