-
Notifications
You must be signed in to change notification settings - Fork 10.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Proposal] Protocol Relative asset urls #2171
Comments
I was using function asset($path)
{
return '//' . $_SERVER['HTTP_HOST'] . '/' . trim($path, '/');
} But HTTP_HOST may not alway be set http://php.net/manual/en/reserved.variables.server.php |
The asset function essentially works like protocoless behavior now, right? If you don't pass a scheme it will use the scheme of the current request. If that doens't work for you you could define a custom function as noted above. |
No it doesn't work like. For me at least if I don't pass $secure it always returns a HTTP asset regardless of what protocol the page was loaded using. http://laravel.com/api/source-class-Illuminate.Routing.UrlGenerator.html#112-129 I think this should be reopened. People shouldn't have to write their own solution for every project. |
Look at the getScheme method. It uses the current protocol if one is not On Wed, Oct 2, 2013 at 9:42 AM, Thomas Welton notifications@github.comwrote:
|
Oh ok. I may have missed something. As these weren't working when I deployed this to Heroku. |
What was the resolution on this? I am still having an issue using the asset helper loading over HTTPS. To get an asset to load with relative protocol do we need to write our own function? If I load an asset using asset helper over HTTPS on Heroku it still tries loading it with HTTP. |
Does Heroku serve as some kind of proxy perhaps, so that isScheme or isSecure doesn't return the correct value? Does setting the trusted proxies work? You can check if your request headers contains |
Yeah, I'm having the same issue, Heroku as well. Was a solution ever found? |
You probably have to set your trusted proxies correctly. |
Has anyone been able to solve this on Heroku? I am still having this problem. |
@hoshomoh Can't really remember. But looking over the comments I think this was was caused because I hadn't set the trusted proxies for the site which affected URL generation Install this https://github.com/fideloper/TrustedProxy
|
Thanks @thomaswelton, I already installed https://github.com/fideloper/TrustedProxy and made all necessary changes. But, it's still not working my assets are still loaded over |
I noticed the detection of HTTPS does not work on my machine running XAMPP on Windows. The variable |
@hoshomoh Were you able to solve this? I'm having this issue as well. |
For all the assets on my site I've wrapped the paths in the
asset()
helper.As defined here
framework/src/Illuminate/Support/helpers.php
Line 386 in e4d8493
The problem I have is that when viewed over HTTPs my assets do not load, as I did not pass secure true as a second parameter. As such my browser blocks the loading of HTTP assets as I'm browsing over HTTPS
In my case, knowing that my server can handle HTTPs requests I could go back into my code and pass in the second parameter to
asset()
but I think that is a little yucky. A lot of I'd have to type true quite a lot. And if one of our developers running the site on their local machine didn't have HTTPs setup the assets again wouldn't load.But lets just say I always knew HTTPs would work, and that I didn't mind typing true all the time. What about the packages my app consumes?
Lets say I'm using the FrozenNode Admin package. In some of their views they use the
asset()
helper and also don't request secure assets https://github.com/FrozenNode/Laravel-Administrator/blob/cb1e12e718454b26075e687e6b5e5bf16d3e7979/src/views/layouts/default.blade.phpIMO The currently the asset helper isn't much help due to the above issues.
Proposed Solution - The asset helper should return protocol relative URLs http://www.paulirish.com/2010/the-protocol-relative-url/
This was if my site is loaded over HTTP my assets load over HTTP, and if it loads over HTTPS my assets load over HTTPS too!
We could keep the second parameter of
asset()
to give developers the option of always getting a HTTPS asset url if required. But IMO I don't see a valid use case for this.Would be more than happy to be the one to submit the PR for this.
Thoughts?
Side Note: I'm about 3 months into Laravel and now just started using it for client projects, and am loving it.
The text was updated successfully, but these errors were encountered: