fix: force HTTPS behind reverse proxy

Set APP_URL to production HTTPS URL, force URL scheme and trust proxy headers in production to prevent mixed content errors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 07:30:48 +02:00
parent 26c6d8031c
commit 194ef1ffe5
1 changed files with 7 additions and 0 deletions
--- a/app/app/Providers/AppServiceProvider.php
+++ b/app/app/Providers/AppServiceProvider.php
@@ -2,6 +2,8 @@

 namespace App\Providers;

+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\URL;
 use Illuminate\Support\Facades\Vite;
 use Illuminate\Support\ServiceProvider;

@@ -21,5 +23,10 @@ class AppServiceProvider extends ServiceProvider
    public function boot(): void
    {
        Vite::prefetch(concurrency: 3);
+
+        if (config('app.env') === 'production') {
+            URL::forceScheme('https');
+            Request::setTrustedProxies(['*'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
+        }
    }
 }