Our website is hosted on a load balanced server. SSL offloading is done on the firewall, so the client is reverse proxied to the web server farm.
When the https request reaches our Laravel app, the server variable HTTPS is empty and Laravel doesn't seem to detect the https mode and generates urls (assets & routes) as:
Is there a way to configure Laravel to force the url's to generate https links? We prefer to have a configuration solution because we have a development and staging environment that aren't running under https.
Notice: We already tried the "trustedproxy" approach from fideloper, and this resulted in no change. I presume that a .htaccess rewrite is not an option since htaccess rewrites are based on the same https header (we don't receive) or port (80, laravel calls port 443).
Thanks for the help.
Laravel's UrlGenerator class has a method called forceSchema, which allows you to force the schema to be used and ignore the one extracted from the request's URL. Just create a service provider SecureRoutingServiceProvider which uses Laravel's IOC to override the default generator and return an instance that forces the secure schema:
use Illuminate\Routing\UrlGenerator;
use Illuminate\Routing\RoutingServiceProvider;
class SecureRoutingServiceProvider extends RoutingServiceProvider
{
public function boot()
{
App::bind('url', function () {
$generator = new UrlGenerator(
App::make('router')->getRoutes(),
App::make('request');
});
$generator->forceSchema('https');
return $generator;
}
parent::boot();
}
}
Next we'll need to register the service provider by adding it to the providers array in app/config/app.php:
'providers' => array(
...,
'SecureRoutingServiceProvider',
)
And that's all there is to it. I've tested this code and it works fine (in Laravel 4.2).
Working on the same issue with Laravel 5 Pagination Feature. For that its not enough to just force the URL Schema in the Generator, because its using the URL associated with the Request. After digging i found a good fix.
Illuminate\Http\Request has a trustedProxies Array that is basically for this case.
I still used the SecureRoutingServiceProvider from Bogdan as a starting point to whitelist our Load Balancer.
public function boot()
{
Request::setTrustedProxies(['10.0.0.X']); // Here should be your internal LB IP
parent::boot();
}
After that it worked pretty well. Of course you should put the IP in a config/env file.