Closed kevlongalloway closed 10 months ago
Same problem, I used \Illuminate\Support\Facades\URL::forceScheme('https')
, but redirects still not working correctly
The issue you are facing is not directly related to the Laravel Orchid package itself but rather the configuration of your web server. Laravel relies on the Symfony routing package, which determines whether to use HTTP or HTTPS based on the global variable $_SERVER['HTTPS']
.
To resolve this issue, you need to ensure that your web server correctly sets the value of $_SERVER['HTTPS']
to 'on'
when serving the Laravel application. This configuration ensures that Laravel uses HTTPS for its requests.
As the author of the Laravel Orchid package, I cannot directly affect your environment or make changes to your web server configuration. This issue can be resolved by correctly configuring your web server to serve the Laravel application using HTTPS.
Duplicate:
https://stackoverflow.com/a/62111949/2420984 That is works fine!
Description
In my production environment, I am encountering an issue with the Laravel Orchid package where the orchid.js file is making fetch requests using HTTP instead of HTTPS. This is causing access control errors in the browser due to mixed content, resulting in the inability to load resources securely.
Expected Behavior
Fetch requests made by the orchid.js file should use HTTPS protocol in a production environment to ensure secure communication between the client and the server.
Actual Behavior
Currently, the fetch requests initiated by the perform() function in the orchid.js file are using HTTP protocol, leading to mixed content errors and access control checks.
Steps to Reproduce
Deploy a Laravel Orchid application in a production environment with HTTPS enabled. Observe the network requests made by the orchid.js file and notice that they are using HTTP instead of HTTPS.
orchid.js
Additional Information
Laravel Orchid version: 14.8 Laravel version: 10.2 PHP version: 8.1.6 Browser: Chrome Operating System: Mac OS
Proposed Solution
The fetch requests initiated by the perform() function in the orchid.js file should be updated to use HTTPS protocol when making requests in a production environment. This will ensure secure communication and avoid mixed content errors.
Impact
This problem is resulting in access control errors and hindering the smooth operation of the application within a production environment that employs HTTPS. I am currently facing this issue specifically on the login page, where clicking the login button leads to a prolonged loading state and triggers an error message in the console. Interestingly, if I manually navigate to the "/admin" URL, I am able to successfully log in. Given these circumstances, it is imperative to rectify this matter promptly to uphold the security and dependability of the application.