3 months ago
Hi, After deploying my Laravel app on Railway, I noticed that form submissions are flagged as insecure. Upon inspection, I realized that the form action URLs are using the http scheme instead of https.
I believe this issue is specific to the Railway deployment, as the same project works perfectly out of the box when deployed on Laravel Cloud, with all form actions correctly using https.
Would appreciate any insights or solutions. Thanks!
1 Replies
3 months ago
Hi Prince,
I am not a Laravel expert but it seems that Laravel cloud is doing some configuration work on your behalf.
I do think that Laravel generates URLs using request()->getScheme() or similar methods that default to HTTP if the request isn’t properly identified as secure.
On Railway, this is commonly due to the app running behind a proxy (like our load balancer), which handles HTTPS termination before forwarding the request to your container over HTTP. Laravel may not realize the original request was secure unless explicitly told. This is kinda like Django.
To fix this, you can instruct Laravel to trust the proxy and correctly detect HTTPS:
Set the TRUSTED_PROXIES environment variable in your Railway project:
TRUSTED_PROXIES=**This tells Laravel to trust all proxies, so it will correctly detect the original scheme (https) from the X-Forwarded-Proto header.
Set APP_URL to use HTTPS:
APP_URL=https://your-domain.comThis helps Laravel generate correct URLs in cases where it falls back to the app URL.
Let me know if this helps-
-Angelo
Status changed to Awaiting User Response Railway • 3 months ago
a month ago
This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!
Status changed to Solved Railway • about 1 month ago