framework icon indicating copy to clipboard operation
framework copied to clipboard
Published 5 months ago verified publisher icon laravel

Vite::assetPath does not properly pass $secure flag to asset() fallback

Open abdallaMansour opened this issue 10 months ago • 2 comments

Laravel Version

12

PHP Version

8.1.31

Database Driver & Version

No response

Description

In the file Illuminate\Foundation\Vite, the method assetPath() is defined as follows:

protected function assetPath($path, $secure = null)
{
    return ($this->assetPathResolver ?? asset(...))($path, $secure);
}

However, when the fallback asset(...) function is used, the $secure parameter is not passed in the actual call to assetPath(). For example

$this->assetPath("{$buildDirectory}/{$chunk['file']}")

The $secure argument is omitted in such cases, which causes asset URLs to be generated using HTTP even in HTTPS environments (e.g., in hosting platforms like (Railway).

This behavior may go unnoticed in local development, but it becomes critical in production environments where asset() needs to generate secure URLs (HTTPS), especially when mixed content warnings appear in browsers.

Steps To Reproduce

1 - Create new laravel 12 project with breeze 2 - Deploy the project in railway 3 - Run the application

abdallaMansour avatar Jun 04 '25 13:06 abdallaMansour

I think I got this issue in the past with assets and Railway. Did you try to put the right APP_URL or ASSET_URL in production ?

https://laravel.com/docs/12.x/vite#custom-base-urls

Might also be an issue with the wrong proxy_pass https setup. In case of you could also force everything to be https in production :

if (env('APP_ENV') === 'production') { URL::forceSchema('https'); }

danielsum avatar Jun 05 '25 05:06 danielsum

@danielsum yes it work when i add ASSET_URL in .env ❤️

abdallaMansour avatar Jun 12 '25 08:06 abdallaMansour