[Proposal] Protocol Relative asset urls

[thomaswelton]

For all the assets on my site I've wrapped the paths in the asset() helper.
As defined here

framework/src/Illuminate/Support/helpers.php

Line 386 in e4d8493

if ( ! function_exists('asset'))

Which is a helper for this method https://github.com/laravel/framework/blob/master/src/Illuminate/Routing/UrlGenerator.php#L113

The problem I have is that when viewed over HTTPs my assets do not load, as I did not pass secure true as a second parameter. As such my browser blocks the loading of HTTP assets as I'm browsing over HTTPS

In my case, knowing that my server can handle HTTPs requests I could go back into my code and pass in the second parameter to asset() but I think that is a little yucky. A lot of I'd have to type true quite a lot. And if one of our developers running the site on their local machine didn't have HTTPs setup the assets again wouldn't load.

But lets just say I always knew HTTPs would work, and that I didn't mind typing true all the time. What about the packages my app consumes?
Lets say I'm using the FrozenNode Admin package. In some of their views they use the asset() helper and also don't request secure assets https://github.com/FrozenNode/Laravel-Administrator/blob/cb1e12e718454b26075e687e6b5e5bf16d3e7979/src/views/layouts/default.blade.php

IMO The currently the asset helper isn't much help due to the above issues.

Proposed Solution - The asset helper should return protocol relative URLs http://www.paulirish.com/2010/the-protocol-relative-url/

This was if my site is loaded over HTTP my assets load over HTTP, and if it loads over HTTPS my assets load over HTTPS too!

We could keep the second parameter of asset() to give developers the option of always getting a HTTPS asset url if required. But IMO I don't see a valid use case for this.

Would be more than happy to be the one to submit the PR for this.

Thoughts?

Side Note: I'm about 3 months into Laravel and now just started using it for client projects, and am loving it.

[thomaswelton]

I was using asset() in quite a lot a few different places.
For a quick and dirty fix I have thrown this at the top of my public/index.php

function asset($path)
{
    return '//' . $_SERVER['HTTP_HOST'] . '/' . trim($path, '/');
}

But HTTP_HOST may not alway be set http://php.net/manual/en/reserved.variables.server.php
I've never had an issue with this this so for now this fixes my problem.

[taylorotwell]

The asset function essentially works like protocoless behavior now, right? If you don't pass a scheme it will use the scheme of the current request. If that doens't work for you you could define a custom function as noted above.

[thomaswelton]

No it doesn't work like. For me at least if I don't pass $secure it always returns a HTTP asset regardless of what protocol the page was loaded using. http://laravel.com/api/source-class-Illuminate.Routing.UrlGenerator.html#112-129

I think this should be reopened. People shouldn't have to write their own solution for every project.
There is no reason for the asset url to ever return a url with a protocol, so we should make that the default behaviour.

[taylorotwell]

Look at the getScheme method. It uses the current protocol if one is not
passed. I use this on every project I do, including those with HTTPS.

On Wed, Oct 2, 2013 at 9:42 AM, Thomas Welton notifications@github.comwrote:

No it doesn't work like. For me at least if I don't pass $secure it always
returns a HTTP asset regardless of what protocol the page was loaded using.
http://laravel.com/api/source-class-Illuminate.Routing.UrlGenerator.html#112-129

I think this should be reopened. People shouldn't have to write their own
solution for every project.
There is no reason for the asset url to ever return a url with a protocol,
so we should make that the default behaviour.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/2171#issuecomment-25544176
.

[thomaswelton]

Oh ok. I may have missed something. As these weren't working when I deployed this to Heroku.
Thanks for your help.

[davidthingsaker]

What was the resolution on this? I am still having an issue using the asset helper loading over HTTPS. To get an asset to load with relative protocol do we need to write our own function? If I load an asset using asset helper over HTTPS on Heroku it still tries loading it with HTTP.

[barryvdh]

Does Heroku serve as some kind of proxy perhaps, so that isScheme or isSecure doesn't return the correct value? Does setting the trusted proxies work? You can check if your request headers contains X-Forwarded-Proto)

[hotmeteor]

Yeah, I'm having the same issue, Heroku as well. Was a solution ever found?

[barryvdh]

You probably have to set your trusted proxies correctly.

[hoshomoh]

Has anyone been able to solve this on Heroku? I am still having this problem.

[thomaswelton]

@hoshomoh Can't really remember. But looking over the comments I think this was was caused because I hadn't set the trusted proxies for the site which affected URL generation

Install this https://github.com/fideloper/TrustedProxy

Setting a trusted proxy allows for correct URL generation, redirecting, session handling and logging in Laravel when behind a proxy.

[hoshomoh]

Thanks @thomaswelton, I already installed https://github.com/fideloper/TrustedProxy and made all necessary changes. But, it's still not working my assets are still loaded over http on on https. I am managing my domain with CloudFlare, not sure if there is any relationship.

[kwebble]

I noticed the detection of HTTPS does not work on my machine running XAMPP on Windows.

The variable HTTPS on the array $_SERVER is used to detect if the request is secure, but that value does not exist on my setup.

[blindstuff]

@hoshomoh Were you able to solve this? I'm having this issue as well.