Fixing mixed content errors
Fixing mixed content errors
If your application shows mixed content warnings or serves HTTP links when it should use HTTPS, this guide will help you resolve the issue.
What causes mixed content errors?
Mixed content errors occur when your application generates HTTP URLs instead of HTTPS URLs. This typically happens because your application doesn't recognize it's being accessed over a secure connection when running behind our load balancers.
The solution
For Laravel applications, you need to configure your application to trust the load balancer's forwarded headers. Add this environment variable to your application:
TRUSTED_PROXIES=*
Good news: We automatically set this variable for all applications deployed on our platform. However, if you're experiencing issues, please verify:
Check that the
TRUSTED_PROXIES
environment variable is set to*
in your application's environment secretsEnsure your application's
TrustProxies
middleware is properly configuredFor Laravel applications, consult the official documentation: Configuring trusted proxies
For WordPress applications
WordPress applications deployed through our platform automatically receive the necessary proxy configuration. No additional setup is required.
For other applications
If you're using a framework other than Laravel or WordPress, you'll need to configure it to:
Trust the
X-Forwarded-Proto
header to detect HTTPS connectionsTrust the
X-Forwarded-Host
header for the correct hostnameTrust the
X-Forwarded-For
header for the client's real IP address
Still having issues?
If you continue to experience mixed content errors after verifying the above configuration:
Clear your application's cache
Check that your application code uses
url()
orroute()
helpers instead of hardcoding URLsVerify that any third-party assets (CSS, JavaScript, images) are loaded over HTTPS