From 194ef1ffe582176120974ac8e1bac7154771573f Mon Sep 17 00:00:00 2001
From: jeremy bayse <jeremy.bayse@gmail.com>
Date: Wed, 29 Apr 2026 07:30:48 +0200
Subject: [PATCH] fix: force HTTPS behind reverse proxy

Set APP_URL to production HTTPS URL, force URL scheme and trust proxy
headers in production to prevent mixed content errors.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 app/app/Providers/AppServiceProvider.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/app/Providers/AppServiceProvider.php b/app/app/Providers/AppServiceProvider.php
index 96e9f6c..6eeaed1 100644
--- a/app/app/Providers/AppServiceProvider.php
+++ b/app/app/Providers/AppServiceProvider.php
@@ -2,6 +2,8 @@
 
 namespace App\Providers;
 
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\URL;
 use Illuminate\Support\Facades\Vite;
 use Illuminate\Support\ServiceProvider;
 
@@ -21,5 +23,10 @@ class AppServiceProvider extends ServiceProvider
     public function boot(): void
     {
         Vite::prefetch(concurrency: 3);
+
+        if (config('app.env') === 'production') {
+            URL::forceScheme('https');
+            Request::setTrustedProxies(['*'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
+        }
     }
 }