Css and Javascript links being served on http
am receiving the error below in my browser console, am running a laravel 10 app with docker
awis-beta-production.up.railway.app/:14 Mixed Content: The page at 'https://awis-beta-production.up.railway.app/' was loaded over HTTPS, but requested an insecure script 'http://awis-beta-production.up.railway.app/build/assets/app-uKLOvLP4.js'. This request has been blocked; the content must be served over HTTPS.
15 Replies
Project ID:
N/AI'd suspect it's an issue with the app itself. It's likely that there are hardcoded http links somewhere in the code. If that's the case, it's safe to replace them with relative ones
vite is handling the links
@vite(['resources/css/app.css', 'resources/js/app.js'])
Could you check what are the links actually look like in html? You can also see them from devtools network tab
they look like this
<link rel="preload" as="style" href="http://awis-beta-production.up.railway.app/build/assets/app-XZ0t4kG4.css"/>
<link rel="modulepreload" href="http://awis-beta-production.up.railway.app/build/assets/app-uKLOvLP4.js"/>
<link rel="stylesheet" href="http://awis-beta-production.up.railway.app/build/assets/app-XZ0t4kG4.css"/>
<script type="module" src="http://awis-beta-production.up.railway.app/build/assets/app-uKLOvLP4.js"></script>
yeah, that is not correct. these links should either be relative to root or use https protocol.
does your vite config have site name configured?
I don't think that it can pick up site name by default, so it mush be specified somewhere
am using the default env value
generated by Laravel,
it's safe to use relative paths like so:
/build/assets/app-XZ0t4kG4.css
assuming that everything is loaded from the same domain nameit looks like this
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_HOST=
PUSHER_PORT=443
PUSHER_SCHEME=https
PUSHER_APP_CLUSTER=mt1
VITE_APP_NAME="${APP_NAME}"
VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_HOST="${PUSHER_HOST}"
VITE_PUSHER_PORT="${PUSHER_PORT}"
VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
i can't change that because it is being dynamically created on build
oh I see
is
$PUSHER_SCHEME set as a static variable or does the app generate it?these env configs are generated by laravel
have also tried removing the env configs provided above from my railway and the issue still persists
interestingly enough, I don't see any errors in my console when I open the link
railway juts upgrades connection to https
but I'm using Firefox, it might be different in chrome
you can try setting this environment variable:
ASSET_URL=https://awis-beta-production.up.railway.app
found this on stackoverflow tbh
thank you. it seems the issue was not setting the asset url
don't forget to change it when you go to production though