Mixed Content (laravel) - laravel-5

I get the following error (on every page)
app.js:703 Mixed Content: The page at 'https://sitename.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://sitename.com/index.php/getMessages'. This content should also be served over HTTPS.
The site is build with Laravel.
Is there anybody who knows how to fix this error?

In my case it's because I wasn't aware that the asset() function didn't handle https automatically (as pointed out by frankfurt-laravel's answer).
To get around this, since I don't use SSL in dev, I set ASSET_URL in the .env to the https url:
APP_URL=https://example.com
ASSET_URL="${APP_URL}"
This overrides the asset() function to use the https url, without having to modify the function at all. See the docs for more context.

If you are moving the website from HTTP to HTTPS, and it's was working perfectly on HTTP, and if you have added the new URL with https in config/app.php and also in the .env file then you may need to add the below snippet in your app/Providers/AppServiceProvider.php file's boot function and do not forget to add "use Illuminate\Support\Facades\URL;" at the top of the file to fix this error.
Please check attached for better sample code
use Illuminate\Support\Facades\URL;
public function boot()
{
URL::forceScheme('https');
}

I had same problem few days ago. Do you use Cloudflare? Change flexible SSL to Full.

I suggest to use the method argument $secure Laravel (5.6 has it definitely) provides:
When you use asset loading, e.g.
<!-- Scripts -->
<script src="{{ asset('js/app.js') }}" defer></script>
<!-- Styles -->
<link href="{{ asset('css/app.css') }}" rel="stylesheet">
You can lookup the definition for asset(), if you have some kind of advanced IDE. If not, please check this file helpers.php.
However, the documentation says
/**
* Generate an asset path for the application.
*
* #param string $path
* #param bool $secure
* #return string
*/
So you just need to pass true as the second argument, and then the resource is loaded in a secure way. For above examples it would be
<!-- Scripts -->
<script src="{{ asset('js/app.js',true) }}" defer></script>
<!-- Styles -->
<link href="{{ asset('css/app.css', true) }}" rel="stylesheet">
Please note, this will cause conflict if you use php artisan serve, as artisan is not capable to serve via HTTPS protocol. Thus you need HTTPS setup e.g. with Valet on MacOS or Homestead on Windows. Follow the links for setup details.
Hope this helps, please let me know if it worked.

Make sure to remove trailing slashes from XMLHttpRequest endpoint URL.

If you are using Laravel Octane, I figured the fix by looking at octane.php config file.
Set your env to let octane inform upstream framework to use HTTPS.
OCTANE_HTTPS=true
Fixed the issues I was having with mixed-content and email verification signature failure.

In your .env file set your url to https APP_URL=https://sitename.com and in your config/app.php set url to 'url' => env('APP_URL', 'APP_URL=https://sitename.com'), that should solve your problem

I'm using Laravel 8 and Livewire 2. I created the app on Digital Ocean and to fix those issues, I had to do it like this:
<!-- Tailwind CSS -->
<link href="{{ secure_asset('css/app.css') }}" rel="stylesheet">
<!-- Alpine -->
<script src="https://cdn.jsdelivr.net/gh/alpinejs/alpine#v2.x.x/dist/alpine.min.js" defer></script>
<!-- Scripts -->
<script src="{{ secure_asset('js/app.js') }}" defer></script>
#livewireStyles
I had to used secure_asset instead. That's on the Laravel Documentation.
I also had to change all "route" references for secure_url like this:
<form method="POST" action="{{ route('logout') }}">
<form method="POST" action="{{ secure_url('/logout') }}">
Hopefully this will help.

You opened the page 'https://sitename.com/' . But the javascript of this page sent an http request, not https.
You should change your javascript code to send https request.
There are two ways to send https request:
Put the protocol together with path.
$.get('http://sitename.com/index.php/getMessages')
Ignore the protocol, but put '//' before the path
$.get('//sitename.com/index.php/getMessages')

Related

Laravel mix - 404 error on routes with two levels

I have a small issue with my current configuration using Laravel for the backend, and Vue in the frontend, while my application is built using Laravel mix (6.0).
I am using the following simple mix configuration:
mix.js("resources/js/app.js", "public/js/app.js")
.vue()
.version()
.extract();
Everything works fine when running npm run watch, and when I launch the production build, I get as expected three files in my public folder (manifest.js, app.js and vendor.js). I included these three files in my app.blade.php file in the following way:
<script src="{{ asset(mix('js/manifest.js')) }}" defer></script>
<script src="{{ asset(mix('js/vendor.js')) }}" defer></script>
<script src="{{ asset(mix('js/app.js')) }}" defer></script>
The mix-manifest.json that comes out looks like this:
{
"/js/app.js": "/js/app.js?id=55e00bb7adfe7cc8d33c",
"/js/vendor.js": "/js/vendor.js?id=3cc2a9d83cabdff07b38",
"/js/manifest.js": "/js/manifest.js?id=7d6950016e73d672d079",
}
Most of the routes are working just fine with such a configuration.
However, the problem I am facing is a generic 404 error that shows up when trying to access particular routes having at least two levels, such as <my_website>/read/<post_id>. In this case, the browser tries to resolve something like <my_website>/read/js/app/1.js which obviously doesn't exist, as it should search for <my_website>/js/app/1.js instead.
Am I missing something obvious here? Is there any way to include a full path in the manifest file to avoid this, and making sure that the browser resolves the correct files? Or any other work around to make this work? Thank you!
You can force a base URL in the browser. This rewrites the URLs for you.
Use the <base> tag
See documentation of the base tag here:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/base
Example:
<base href="https://www.example.com/">

How to use single css in a multi-tenant application

i'm developing a multi-tenant application with laravel & livewire.
I've a bootstrap template mounted such as a laravel project and i've integrated this template in my project.
For how the template is built, when I am on the localhost:8000/... views I get the correct rendering of the template, while when I go to the domain of a tenant, example: tenant.localhost:8000/... I completely lose the template.
I noticed that in resources/layout/default.blade to load all css and js there is a for loop that takes the css from the configuration file and loads them into the page
{{-- Global Theme Styles (used by all pages) --}}
#if(!empty(config('dz.public.global.css')))
#foreach(config('dz.public.global.css') as $style)
<link href="{{ asset($style) }}" rel="stylesheet" type="text/css"/>
#endforeach
#endif
using asset($style) when I go to the tenant domain, it looks for the css in a location that does not exist (the css are under localhost).
I thought of inserting an if-else inside the foreach loop in order to check the domain in the asset($style) and make sure that when in the tenant domain the css are searched as if we were in the localhost domain.
It's a good idea? do you have any advice or suggestions?
Now the asset location is changed for each tenant. You could 'hardcode' it.
Something like:
<link href='{{ env('APP_URL') }}/location/style.css'>
Another solution is to use the url() helper function instead of asset(), since it would generate an absolute path for the assets, this way you can use it in the same way as you use asset() function

Not able to load logo on the web

Hope you can clarify this issue:
I am trying to ad a favicon to my website in the head of my html layout, the link i am using is :
href="{{ asset('assets/public/images/favicon-32x32.png') }}"
I have my file in the following route:
backend/public/images/icon.png
the icon is not displaying on the web anyway, any idea about what can be the issue here?
thanks
as in laravel documentation
The asset function generates a URL for an asset using the current
scheme of the request (HTTP or HTTPS):
$url = asset('img/photo.jpg');
You can configure the asset URL host by setting the ASSET_URL variable
in your .env file. This can be useful if you host your assets on an
external service like Amazon S3:
// ASSET_URL=http://example.com/assets
$url = asset('img/photo.jpg'); // http://example.com/assets/img/photo.jpg
so if you use default ASSET_URL value in .env file and your favicon file in file structure like :
project_Folder/public/images/favicon.ico
so you need to make your link like
{{-- favicon --}}
<link rel="shortcut icon" href="{{ asset('images/favicon-32x32.png') }}">

css not working after passing id in url in laravel 5.6

My CSS is not working after passing an ID in an URL in Laravel 5.6
My route
Route::any('productdetail/{id?}','AdminController#productdetail');
The ID URL
<i class="icon-eye"></i>
I am using Laravel 5
This is the script tag:
<link rel="stylesheet" href="{{URL::asset('/css/style.css')}}">
Just use what #demo suggested.
asset('/css/style.css')
Or just
href="/css/style.css"
But never
href="../css/style.css"
Because if you later on change your current URL from 127.0.0.1:8000/productdetail/{id} to , let's say, 127.0.0.1:8000/productdetail/something/{id}, the asset will not be loaded properly anymore.
By using "/" in front of a source, you are telling the browser to start looking from the base URL, which is 127.0.0.1:8000/ in your case.
By omitting "/" in front of a source you are telling the browser to start looking from the current URL, which would be 127.0.0.1:8000/productdetail in your case, or even 127.0.0.1:8000/productdetail/{id} when you add your ID to it.
This problems occurs because we are using the relative path in our blade template and the solution is so simple, We have to use only the asset function to overcome this problem.
So change your code like this:
<link href="{{ asset('css/bootstrap.min.css') }}" rel='stylesheet' type='text/css' />
<script src="{{ asset('js/jquery.min.js') }}"> </script>

The requested URL /image.jpeg was not found on this server

I've got a Laravel in hosting company and I get this error:
The requested URL /image.jpeg was not found on this server.
This also happens with some CSS and JS files but not all the files. What could be? In my localhost environment everything works fine. Can it be some CPanel configuration that I'm missing?
Thank you :)
The standard way to do this is use asset() function. For example, I have example1.js file that I want to import/include/use in my application, I have to use the following code.
<script src="{{ asset('example1.js') }}" type="text/javascript"></script>
If you want to load image named exampleimage.jpg, You have to use the following code.
<img src="{{ asset('exampleimage.jpg') }}" />
You have to store images, Javascript, and CSS in public folder.
Let me know if it works. According to your question, this is your answer. Let me know if you have any more questions.

Resources