Geek Answers Handbook

Migrating from HTTP to HTTPS on Laravel over CloudFlare

I have an application made on laravel 5.2. It worked fine on HTTP.

I used the asset function to generate the full url instead of using a relative, like

 <link rel="stylesheet" type="text/css" href="{{ asset('/css/bootstrap.min.css') }}">

According to the laravel documentation here , the asset method automatically determines the request protocol and creates the URL accordingly.

Now the application does not work on HTTPS, I can use secure_asset for HTTPS URLs, but then it will stop working on HTTP and localhost .

I know that there is something that I am missing and it’s not easy to just switch from HTTP to HTTPS with laravel

PS - Cloudflare used to serve HTTPS requests.

+7
php laravel cloudflare
source share
3 answers

All the answers received are still correct, but no one has solved my problem.

The main problem was that my application was behind CloudFlare

Laravel detects the request as safe or insecure by checking the HTTP header, i.e. $_SERVER['REQUEST_SCHEME'] , which remains HTTP, even Request is HTTPS due to cloud phleb.

CloudFlare sets a different header for the same ie $_SERVER['HTTP_X_FORWARDED_PROTO'] that must be checked to see if the request is safe or not

After this article and making some changes to this, I successfully managed to create an HTTPS URL without making any changes to the previous application code.

+6
source

Access to the request To get an instance of the current HTTP request through dependency injection, you must enter the hint class Illuminate\Http\Request in your constructor or controller method https://laravel.com/docs/5.2/requests#request-information

instead of manually configuring it through configs, you can use Request :: secure () to check if the request is being executed via HTTPS

+1
source

According to the laravel resource , the resource will generate a protocol based on the request information, unless you explicitly hint at using http / https. So, you should not change anything here. This will switch to https as soon as you start requesting it through a secure connection.

+1
source

More articles:


All Articles