Fixing mixed content errors

2 min read Updated 1 week ago

Fixing mixed content errors

If your application shows mixed content warnings or serves HTTP links when it should use HTTPS, this guide will help you resolve the issue.

What causes mixed content errors?

Mixed content errors occur when your application generates HTTP URLs instead of HTTPS URLs. This typically happens because your application doesn't recognize it's being accessed over a secure connection when running behind our load balancers.

The solution

For Laravel applications, you need to configure your application to trust the load balancer's forwarded headers. Add this environment variable to your application:

TRUSTED_PROXIES=*

Good news: We automatically set this variable for all applications deployed on our platform. However, if you're experiencing issues, please verify:

  1. Check that the TRUSTED_PROXIES environment variable is set to * in your application's environment secrets

  2. Ensure your application's TrustProxies middleware is properly configured

  3. For Laravel applications, consult the official documentation: Configuring trusted proxies

For WordPress applications

WordPress applications deployed through our platform automatically receive the necessary proxy configuration. No additional setup is required.

For other applications

If you're using a framework other than Laravel or WordPress, you'll need to configure it to:

  • Trust the X-Forwarded-Proto header to detect HTTPS connections

  • Trust the X-Forwarded-Host header for the correct hostname

  • Trust the X-Forwarded-For header for the client's real IP address

Still having issues?

If you continue to experience mixed content errors after verifying the above configuration:

  1. Clear your application's cache

  2. Check that your application code uses url() or route() helpers instead of hardcoding URLs

  3. Verify that any third-party assets (CSS, JavaScript, images) are loaded over HTTPS